Analysis

Category: FILE
Package: exe
Started: 2019-02-11 19:38:13
Completed: 2019-02-11 19:38:56
Duration: 43 seconds

Options:
route = internet
import_reconstruction = 1
procdump = 1
argument = -agent

Log:
2019-02-11 19:38:14,000 [root] INFO: Date set to: 02-11-19, time set to: 19:38:14, timeout set to: 200
2019-02-11 19:38:14,046 [root] DEBUG: Starting analyzer from: C:\iuxibflf
2019-02-11 19:38:14,046 [root] DEBUG: Storing results at: C:\RHcKBnUQPW
2019-02-11 19:38:14,046 [root] DEBUG: Pipe server name: \\.\PIPE\IhiLYEsVKj
2019-02-11 19:38:14,046 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-02-11 19:38:14,046 [root] INFO: Automatically selected analysis package "exe"
2019-02-11 19:38:15,045 [root] DEBUG: Started auxiliary module Browser
2019-02-11 19:38:15,045 [root] DEBUG: Started auxiliary module Curtain
2019-02-11 19:38:15,045 [modules.auxiliary.digisig] INFO: Skipping authenticode validation, signtool.exe was not found in bin/
2019-02-11 19:38:15,045 [root] DEBUG: Started auxiliary module DigiSig
2019-02-11 19:38:15,045 [root] DEBUG: Started auxiliary module Disguise
2019-02-11 19:38:15,059 [root] DEBUG: Started auxiliary module Human
2019-02-11 19:38:15,059 [root] DEBUG: Started auxiliary module Screenshots
2019-02-11 19:38:15,059 [root] DEBUG: Started auxiliary module Sysmon
2019-02-11 19:38:15,059 [root] DEBUG: Started auxiliary module Usage
2019-02-11 19:38:15,059 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2019-02-11 19:38:15,059 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2019-02-11 19:38:15,388 [lib.api.process] INFO: Successfully executed process from path "C:\Users\user\AppData\Local\Temp\VSEBLANKI24.exe" with arguments "" with pid 716
2019-02-11 19:38:15,388 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 19:38:15,388 [lib.api.process] INFO: 32-bit DLL to inject is C:\iuxibflf\dll\utvYmG.dll, loader C:\iuxibflf\bin\iAgORvT.exe
2019-02-11 19:38:15,482 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 716
2019-02-11 19:38:17,493 [lib.api.process] INFO: Successfully resumed process with pid 716
2019-02-11 19:38:17,493 [root] INFO: Added new process to list with pid: 716
2019-02-11 19:38:17,588 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 19:38:17,588 [root] DEBUG: Process dumps enabled.
2019-02-11 19:38:17,588 [root] DEBUG: Import reconstruction of process dumps enabled.
2019-02-11 19:38:17,727 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 716 at 0x747a0000, image base 0x400000, stack from 0x186000-0x190000
2019-02-11 19:38:17,727 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Users\user\AppData\Local\Temp\VSEBLANKI24.exe".
2019-02-11 19:38:17,727 [root] INFO: Monitor successfully loaded in process with pid 716.
2019-02-11 19:38:17,775 [root] INFO: Disabling sleep skipping.
2019-02-11 19:38:18,305 [root] DEBUG: DLL loaded at 0x746A0000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2019-02-11 19:38:18,305 [root] DEBUG: DLL loaded at 0x74500000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-02-11 19:38:18,305 [root] DEBUG: DLL loaded at 0x75670000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-02-11 19:38:18,335 [root] DEBUG: DLL loaded at 0x74BB0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-02-11 19:38:18,335 [root] DEBUG: DLL loaded at 0x75860000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-02-11 19:38:18,382 [root] DEBUG: DLL loaded at 0x74B90000: C:\Windows\system32\profapi (0xb000 bytes).
2019-02-11 19:38:18,414 [root] DEBUG: DLL loaded at 0x758B0000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-02-11 19:38:18,414 [root] DEBUG: DLL loaded at 0x76A40000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-02-11 19:38:18,430 [root] DEBUG: DLL loaded at 0x76770000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-02-11 19:38:18,430 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-02-11 19:38:18,446 [root] DEBUG: DLL loaded at 0x74CB0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-02-11 19:38:18,617 [root] DEBUG: DLL loaded at 0x74B60000: C:\Windows\System32\shdocvw (0x2e000 bytes).
2019-02-11 19:38:18,694 [root] DEBUG: DLL loaded at 0x75530000: C:\Windows\SysWOW64\urlmon (0x136000 bytes).
2019-02-11 19:38:18,773 [root] DEBUG: DLL loaded at 0x75370000: C:\Windows\syswow64\WININET (0xf5000 bytes).
2019-02-11 19:38:18,803 [root] DEBUG: DLL loaded at 0x76BD0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2019-02-11 19:38:18,851 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\syswow64\CRYPT32 (0x11d000 bytes).
2019-02-11 19:38:18,851 [root] DEBUG: DLL loaded at 0x768B0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2019-02-11 19:38:19,148 [root] DEBUG: DLL unloaded from 0x00400000.
2019-02-11 19:38:19,194 [root] INFO: Announced 32-bit process name: VSEBLANKI24.exe pid: 2152
2019-02-11 19:38:19,194 [root] INFO: Added new process to list with pid: 2152
2019-02-11 19:38:19,194 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 19:38:19,210 [lib.api.process] INFO: 32-bit DLL to inject is C:\iuxibflf\dll\utvYmG.dll, loader C:\iuxibflf\bin\iAgORvT.exe
2019-02-11 19:38:19,210 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2152
2019-02-11 19:38:19,226 [root] DEBUG: DLL unloaded from 0x75530000.
2019-02-11 19:38:19,240 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 19:38:19,240 [root] DEBUG: DLL unloaded from 0x75B20000.
2019-02-11 19:38:19,240 [root] DEBUG: Process dumps enabled.
2019-02-11 19:38:19,256 [root] DEBUG: DLL unloaded from 0x74B60000.
2019-02-11 19:38:19,256 [root] DEBUG: Import reconstruction of process dumps enabled.
2019-02-11 19:38:19,256 [root] INFO: Disabling sleep skipping.
2019-02-11 19:38:19,256 [root] DEBUG: DLL unloaded from 0x746A0000.
2019-02-11 19:38:19,256 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 716
2019-02-11 19:38:19,272 [root] DEBUG: GetHookCallerBase: thread 1496 (handle 0x0), return address 0x004315FF, allocation base 0x00400000.
2019-02-11 19:38:19,272 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00400000.
2019-02-11 19:38:19,272 [root] DEBUG: ApiReader: module list size: 30
2019-02-11 19:38:19,272 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2152 at 0x747a0000, image base 0x400000, stack from 0x186000-0x190000
2019-02-11 19:38:19,272 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,288 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Users\user\AppData\Local\Temp\VSEBLANKI24.exe" -agent.
2019-02-11 19:38:19,288 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,288 [root] INFO: Monitor successfully loaded in process with pid 2152.
2019-02-11 19:38:19,303 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,303 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,303 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,319 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,319 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,319 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,319 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,319 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,319 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,319 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,335 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,349 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,349 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,349 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,349 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,349 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,349 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,349 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,349 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,349 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,349 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,365 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,381 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,397 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,413 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,413 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,413 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,413 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,413 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,413 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,413 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,413 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,413 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2019-02-11 19:38:19,413 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2019-02-11 19:38:19,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,444 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,460 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,474 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,474 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,474 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,474 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,474 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,474 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,474 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,474 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,474 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,474 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,490 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,506 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,506 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,506 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,506 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,506 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2019-02-11 19:38:19,506 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2019-02-11 19:38:19,506 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2019-02-11 19:38:19,506 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2019-02-11 19:38:19,506 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2019-02-11 19:38:19,506 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2019-02-11 19:38:19,522 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,522 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,522 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,522 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,522 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2019-02-11 19:38:19,522 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2019-02-11 19:38:19,522 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,538 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,538 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,538 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2019-02-11 19:38:19,538 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,538 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,538 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,538 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,538 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,538 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,538 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,538 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2019-02-11 19:38:19,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,569 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,599 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,615 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,615 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2019-02-11 19:38:19,631 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2019-02-11 19:38:19,631 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2019-02-11 19:38:19,631 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2019-02-11 19:38:19,631 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2019-02-11 19:38:19,631 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2019-02-11 19:38:19,631 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2019-02-11 19:38:19,631 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2019-02-11 19:38:19,631 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2019-02-11 19:38:19,631 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2019-02-11 19:38:19,631 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2019-02-11 19:38:19,647 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2019-02-11 19:38:19,647 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2019-02-11 19:38:19,647 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2019-02-11 19:38:19,647 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2019-02-11 19:38:19,647 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:19,647 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:19,647 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,677 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,694 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:19,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,694 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,709 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,724 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,740 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,756 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,772 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,786 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,802 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,818 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,834 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2152
2019-02-11 19:38:19,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,834 [root] DEBUG: GetHookCallerBase: thread 2016 (handle 0x0), return address 0x004314DB, allocation base 0x00400000.
2019-02-11 19:38:19,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,834 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00400000.
2019-02-11 19:38:19,834 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,834 [root] DEBUG: ApiReader: module list size: 20
2019-02-11 19:38:19,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,849 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,849 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,865 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,865 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,881 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:19,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,895 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,911 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,927 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,927 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,927 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:19,927 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,927 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,927 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,927 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,927 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,943 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:19,943 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,943 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,943 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,943 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,943 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,943 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:19,943 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,943 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:19,959 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,959 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:19,959 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,959 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:19,959 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,959 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:19,959 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,959 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:19,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,990 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,990 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:19,990 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,990 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:19,990 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:19,990 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:19,990 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,006 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,020 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,020 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,020 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,020 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,020 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,020 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,020 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,036 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,052 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,068 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,084 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,098 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,115 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2019-02-11 19:38:20,115 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2019-02-11 19:38:20,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2019-02-11 19:38:20,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2019-02-11 19:38:20,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,115 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,115 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,130 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,130 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\propsys.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\propsys.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,130 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,130 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\clbcatq.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,130 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\clbcatq.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntmarta.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntmarta.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\Wldap32.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\Wldap32.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\profapi.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\profapi.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\setupapi.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\setupapi.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,145 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,161 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,177 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msvcrt.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,193 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\KernelBase.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,223 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,240 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sechost.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,240 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2019-02-11 19:38:20,240 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rpcrt4.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cryptbase.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\lpk.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\usp10.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,255 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,270 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,286 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,302 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,318 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,332 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,348 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,364 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,380 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,395 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,411 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cfgmgr32.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,411 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\devobj.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\devobj.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,411 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,411 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00400000
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,411 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00431448
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,411 [root] DEBUG: Module image dump success
2019-02-11 19:38:20,411 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x43c45c, size: 0x334
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: IAT parsing finished, found 191 valid APIs, missed 0 APIs
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: Adding module to module list: oleaut32.dll
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,427 [root] DEBUG: Adding module to module list: advapi32.dll
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: Adding module to module list: user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: Adding module to module list: kernel32.dll
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: Adding module to module list: user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: Adding module to module list: gdi32.dll
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: Adding module to module list: kernel32.dll
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,427 [root] DEBUG: Adding module to module list: advapi32.dll
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,427 [root] DEBUG: Adding module to module list: shell32.dll
2019-02-11 19:38:20,427 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,427 [root] DEBUG: Adding module to module list: kernel32.dll
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,441 [root] DEBUG: Adding module to module list: oleaut32.dll
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,441 [root] DEBUG: Adding module to module list: shell32.dll
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,441 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,441 [root] DEBUG: Invalid PE file: import table rebuild failed.
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,441 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,441 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,457 [root] INFO: Added new CAPE file to list with path: C:\RHcKBnUQPW\CAPE\716_7976414124859312222019
2019-02-11 19:38:20,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,457 [root] DEBUG: DLL unloaded from 0x75700000.
2019-02-11 19:38:20,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,457 [root] DEBUG: DLL unloaded from 0x74BB0000.
2019-02-11 19:38:20,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,457 [root] INFO: Notified of termination of process with pid 716.
2019-02-11 19:38:20,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,457 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,473 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,505 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,536 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,552 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,566 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,566 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,582 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,582 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,598 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,614 [root] INFO: Process with pid 716 has terminated
2019-02-11 19:38:20,614 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,614 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,614 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,630 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,630 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,644 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,644 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,644 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,644 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,661 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2019-02-11 19:38:20,676 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,676 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,676 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,676 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,676 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,691 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,691 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,691 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,707 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,707 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,707 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,707 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2019-02-11 19:38:20,723 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2019-02-11 19:38:20,723 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2019-02-11 19:38:20,739 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2019-02-11 19:38:20,739 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2019-02-11 19:38:20,753 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2019-02-11 19:38:20,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2019-02-11 19:38:20,769 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2019-02-11 19:38:20,769 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2019-02-11 19:38:20,786 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00400000
2019-02-11 19:38:20,786 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00431448
2019-02-11 19:38:20,801 [root] DEBUG: Module image dump success
2019-02-11 19:38:20,816 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x43c45c, size: 0x334
2019-02-11 19:38:20,832 [root] DEBUG: IAT parsing finished, found 191 valid APIs, missed 0 APIs
2019-02-11 19:38:20,832 [root] DEBUG: Adding module to module list: oleaut32.dll
2019-02-11 19:38:20,832 [root] DEBUG: Adding module to module list: advapi32.dll
2019-02-11 19:38:20,832 [root] DEBUG: Adding module to module list: user32.dll
2019-02-11 19:38:20,848 [root] DEBUG: Adding module to module list: kernel32.dll
2019-02-11 19:38:20,848 [root] DEBUG: Adding module to module list: user32.dll
2019-02-11 19:38:20,878 [root] DEBUG: Adding module to module list: gdi32.dll
2019-02-11 19:38:20,878 [root] DEBUG: Adding module to module list: kernel32.dll
2019-02-11 19:38:20,878 [root] DEBUG: Adding module to module list: advapi32.dll
2019-02-11 19:38:20,878 [root] DEBUG: Adding module to module list: shell32.dll
2019-02-11 19:38:20,878 [root] DEBUG: Adding module to module list: kernel32.dll
2019-02-11 19:38:20,894 [root] DEBUG: Adding module to module list: oleaut32.dll
2019-02-11 19:38:20,894 [root] DEBUG: Adding module to module list: shell32.dll
2019-02-11 19:38:20,894 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2019-02-11 19:38:20,894 [root] DEBUG: Invalid PE file: import table rebuild failed.
2019-02-11 19:38:20,894 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2019-02-11 19:38:20,910 [root] INFO: Added new CAPE file to list with path: C:\RHcKBnUQPW\CAPE\2152_11399178162058312222019
2019-02-11 19:38:20,910 [root] DEBUG: DLL unloaded from 0x75700000.
2019-02-11 19:38:20,910 [root] INFO: Notified of termination of process with pid 2152.
2019-02-11 19:38:21,628 [root] INFO: Process with pid 2152 has terminated
2019-02-11 19:38:39,880 [root] INFO: Process list is empty, terminating analysis.
2019-02-11 19:38:40,894 [root] INFO: Created shutdown mutex.
2019-02-11 19:38:41,907 [root] INFO: Shutting down package.
2019-02-11 19:38:41,907 [root] INFO: Stopping auxiliary modules.
2019-02-11 19:38:41,907 [root] INFO: Finishing auxiliary modules.
2019-02-11 19:38:41,907 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-02-11 19:38:41,907 [root] INFO: Analysis completed.

MalScore

1.5

Benign

Machine

Name Label Manager Started On Shutdown On
target-02 target-02 ESX 2019-02-11 19:38:13 2019-02-11 19:38:53

File Details

File Name VSEBLANKI24
File Size 230912 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 77487c27f5476f7bcb092106f4845b4f
SHA1 b45a6f02891aa4d7f80520c0a2777e1a5f527c4d
SHA256 6a1280ecfa06bf36f01280f9eea722e9b2e5ce0ab75f5e30dc5a73eae4b9cfdc
SHA512 1684a9c64463aa0ca18014a245eb81de32045c1214419312d0afd3ece811e883481f0d18cfb019f15fea6850539054ba066deac0e9e498653165949730764908
CRC32 506844DD
Ssdeep 6144:PS60TDvlFxXcm4DQFu/U3buRKlemZ9DnGAedgQ8v7+XhDRp:P4Dvlcm4DQFu/U3buRKlemZ9DnGAedEg
TrID
  • 42.4% (.EXE) Win32 Executable Delphi generic (14182/79/4)
  • 19.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  • 13.5% (.EXE) Win32 Executable (generic) (4508/7/1)
  • 6.2% (.EXE) Win16/32 Executable Delphi generic (2072/23)
  • 6.0% (.EXE) OS/2 Executable (generic) (2029/13)
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

Possible date expiration check, exits too soon after checking local time
process: VSEBLANKI24.exe, PID 716
Dynamic (imported) function loading detected
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: comctl32.dll/
DynamicLoader: kernel32.dll/GetDiskFreeSpaceExA
DynamicLoader: oleaut32.dll/VariantChangeTypeEx
DynamicLoader: oleaut32.dll/VarNeg
DynamicLoader: oleaut32.dll/VarNot
DynamicLoader: oleaut32.dll/VarAdd
DynamicLoader: oleaut32.dll/VarSub
DynamicLoader: oleaut32.dll/VarMul
DynamicLoader: oleaut32.dll/VarDiv
DynamicLoader: oleaut32.dll/VarIdiv
DynamicLoader: oleaut32.dll/VarMod
DynamicLoader: oleaut32.dll/VarAnd
DynamicLoader: oleaut32.dll/VarOr
DynamicLoader: oleaut32.dll/VarXor
DynamicLoader: oleaut32.dll/VarCmp
DynamicLoader: oleaut32.dll/VarI4FromStr
DynamicLoader: oleaut32.dll/VarR4FromStr
DynamicLoader: oleaut32.dll/VarR8FromStr
DynamicLoader: oleaut32.dll/VarDateFromStr
DynamicLoader: oleaut32.dll/VarCyFromStr
DynamicLoader: oleaut32.dll/VarBoolFromStr
DynamicLoader: oleaut32.dll/VarBstrFromCy
DynamicLoader: oleaut32.dll/VarBstrFromDate
DynamicLoader: oleaut32.dll/VarBstrFromBool

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

C:\Users\user\AppData\Local\Temp\VSEBLANKI24.ENG
C:\Users\user\AppData\Local\Temp\VSEBLANKI24.ENG.DLL
C:\Users\user\AppData\Local\Temp\VSEBLANKI24.EN
C:\Users\user\AppData\Local\Temp\VSEBLANKI24.EN.DLL
C:\Users\user\AppData\Local\Temp
C:\Users\user\AppData\Local\Temp\46552
C:\Windows\Globalization\Sorting\sortdefault.nls
\??\MountPointManager
C:\Users\user\AppData\Local\Temp\VSEBLANKI24.exe
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\user\AppData\Local\Temp\46552
C:\Users\user\AppData\Local\Temp\46552
HKEY_CURRENT_USER\Software\Borland\Locales
HKEY_LOCAL_MACHINE\Software\Borland\Locales
HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
\xea\xa7\x80\xc8\xb2EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\VSEBLANKI24.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
\xeb\xa7\x80\xc8\xb1EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
\xea\xa7\x80\xc8\xb2EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
\xeb\xa7\x80\xc8\xb1EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg 2
kernel32.dll.GetDiskFreeSpaceExA
oleaut32.dll.VariantChangeTypeEx
oleaut32.dll.VarNeg
oleaut32.dll.VarNot
oleaut32.dll.VarAdd
oleaut32.dll.VarSub
oleaut32.dll.VarMul
oleaut32.dll.VarDiv
oleaut32.dll.VarIdiv
oleaut32.dll.VarMod
oleaut32.dll.VarAnd
oleaut32.dll.VarOr
oleaut32.dll.VarXor
oleaut32.dll.VarCmp
oleaut32.dll.VarI4FromStr
oleaut32.dll.VarR4FromStr
oleaut32.dll.VarR8FromStr
oleaut32.dll.VarDateFromStr
oleaut32.dll.VarCyFromStr
oleaut32.dll.VarBoolFromStr
oleaut32.dll.VarBstrFromCy
oleaut32.dll.VarBstrFromDate
oleaut32.dll.VarBstrFromBool
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
advapi32.dll.UnregisterTraceGuids
comctl32.dll.#321
"C:\Users\user\AppData\Local\Temp\VSEBLANKI24.exe" -agent
C:\Users\user\AppData\Local\Temp\VSEBLANKI24.exe -agent

PE Information

Image Base 0x00400000
Entry Point 0x00431448
Reported Checksum 0x00000000
Actual Checksum 0x00042bf1
Minimum OS Version 4.0
Compile Time 2019-02-03 11:04:55
Import Hash fae5c9c056d7dfd06e3f4db7f7c7f7ee

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00001000 0x0002f118 0x0002f200 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.62
.itext 0x00031000 0x000008e0 0x00000a00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.79
.data 0x00032000 0x000026b4 0x00002800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.34
.bss 0x00035000 0x00006324 0x00000000 IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.idata 0x0003c000 0x00001506 0x00001600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.92
.tls 0x0003e000 0x0000000c 0x00000000 IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rdata 0x0003f000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.20
.reloc 0x00040000 0x00002c10 0x00002e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.58
.rsrc 0x00043000 0x00001800 0x00001800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.72

Imports

Library oleaut32.dll:
0x43c460 SysFreeString
0x43c464 SysReAllocStringLen
0x43c468 SysAllocStringLen
Library advapi32.dll:
0x43c470 RegQueryValueExA
0x43c474 RegOpenKeyExA
0x43c478 RegCloseKey
Library user32.dll:
0x43c480 GetKeyboardType
0x43c484 DestroyWindow
0x43c488 LoadStringA
0x43c48c MessageBoxA
0x43c490 CharNextA
Library kernel32.dll:
0x43c498 GetACP
0x43c49c Sleep
0x43c4a0 VirtualFree
0x43c4a4 VirtualAlloc
0x43c4a8 GetTickCount
0x43c4b0 GetCurrentThreadId
0x43c4bc VirtualQuery
0x43c4c0 WideCharToMultiByte
0x43c4c4 MultiByteToWideChar
0x43c4c8 lstrlenA
0x43c4cc lstrcpynA
0x43c4d0 LoadLibraryExA
0x43c4d4 GetThreadLocale
0x43c4d8 GetStartupInfoA
0x43c4dc GetProcAddress
0x43c4e0 GetModuleHandleA
0x43c4e4 GetModuleFileNameA
0x43c4e8 GetLocaleInfoA
0x43c4ec GetCommandLineA
0x43c4f0 FreeLibrary
0x43c4f4 FindFirstFileA
0x43c4f8 FindClose
0x43c4fc ExitProcess
0x43c500 ExitThread
0x43c504 CreateThread
0x43c508 WriteFile
0x43c510 RtlUnwind
0x43c514 RaiseException
0x43c518 GetStdHandle
Library kernel32.dll:
0x43c520 TlsSetValue
0x43c524 TlsGetValue
0x43c528 LocalAlloc
0x43c52c GetModuleHandleA
Library user32.dll:
0x43c534 TranslateMessage
0x43c538 ReleaseDC
0x43c53c PeekMessageA
0x43c544 MessageBoxW
0x43c548 MessageBoxA
0x43c54c LoadStringA
0x43c550 LoadIconA
0x43c554 GetSystemMetrics
0x43c558 GetSysColor
0x43c55c GetDC
0x43c560 FillRect
0x43c564 DispatchMessageA
0x43c568 CharNextW
0x43c56c CharLowerBuffW
0x43c570 CharNextA
0x43c574 CharLowerBuffA
0x43c578 CharLowerA
0x43c57c CharUpperA
0x43c580 CharToOemA
Library gdi32.dll:
0x43c588 UnrealizeObject
0x43c58c StretchBlt
0x43c590 SetTextColor
0x43c594 SetStretchBltMode
0x43c598 SetROP2
0x43c59c SetDIBColorTable
0x43c5a0 SetBrushOrgEx
0x43c5a4 SetBkMode
0x43c5a8 SetBkColor
0x43c5ac SelectPalette
0x43c5b0 SelectObject
0x43c5b4 RealizePalette
0x43c5b8 PatBlt
0x43c5bc MoveToEx
0x43c5c0 MaskBlt
0x43c5c4 GetTextMetricsA
0x43c5cc GetStockObject
0x43c5d0 GetPixel
0x43c5d4 GetPaletteEntries
0x43c5d8 GetObjectA
0x43c5dc GetDeviceCaps
0x43c5e0 GetDIBits
0x43c5e4 GetDIBColorTable
0x43c5ec GetBrushOrgEx
0x43c5f0 DeleteObject
0x43c5f4 DeleteDC
0x43c5f8 CreatePenIndirect
0x43c5fc CreatePalette
0x43c604 CreateFontIndirectA
0x43c608 CreateDIBitmap
0x43c60c CreateDIBSection
0x43c610 CreateCompatibleDC
0x43c618 CreateBrushIndirect
0x43c61c CreateBitmap
0x43c620 BitBlt
Library kernel32.dll:
0x43c628 WriteFile
0x43c62c WinExec
0x43c630 WaitForSingleObject
0x43c634 VirtualQuery
0x43c638 TerminateProcess
0x43c63c SetFilePointer
0x43c640 SetFileAttributesW
0x43c644 SetEvent
0x43c648 SetEndOfFile
0x43c64c ResumeThread
0x43c650 ResetEvent
0x43c654 ReadFile
0x43c658 OpenProcess
0x43c65c MulDiv
0x43c668 GlobalUnlock
0x43c66c GlobalReAlloc
0x43c670 GlobalHandle
0x43c674 GlobalLock
0x43c678 GlobalFree
0x43c67c GlobalAlloc
0x43c680 GetVersionExA
0x43c684 GetThreadLocale
0x43c688 GetStdHandle
0x43c68c GetProcAddress
0x43c690 GetModuleHandleA
0x43c694 GetModuleFileNameW
0x43c698 GetModuleFileNameA
0x43c69c GetLocaleInfoA
0x43c6a0 GetLocalTime
0x43c6a4 GetLastError
0x43c6a8 GetFullPathNameA
0x43c6ac GetExitCodeThread
0x43c6b4 GetDriveTypeA
0x43c6b8 GetDiskFreeSpaceA
0x43c6bc GetDateFormatA
0x43c6c0 GetCurrentThreadId
0x43c6c4 GetCommandLineW
0x43c6c8 GetCPInfo
0x43c6d0 InterlockedExchange
0x43c6d8 FreeLibrary
0x43c6dc FormatMessageA
0x43c6e0 FindNextFileW
0x43c6e4 FindFirstFileW
0x43c6e8 FindClose
0x43c6f4 ExitProcess
0x43c6f8 EnumCalendarInfoA
0x43c700 DeleteFileW
0x43c704 DeleteFileA
0x43c70c CreateProcessW
0x43c710 CreateProcessA
0x43c714 CreatePipe
0x43c718 CreateFileW
0x43c71c CreateFileA
0x43c720 CreateEventA
0x43c724 CreateDirectoryW
0x43c728 CopyFileW
0x43c72c CompareStringA
0x43c730 CloseHandle
Library advapi32.dll:
0x43c738 RegQueryValueExA
0x43c73c RegOpenKeyExA
0x43c740 RegFlushKey
0x43c744 RegCloseKey
Library shell32.dll:
0x43c74c ShellExecuteW
Library kernel32.dll:
0x43c754 Sleep
Library oleaut32.dll:
0x43c75c SafeArrayPtrOfIndex
0x43c760 SafeArrayGetUBound
0x43c764 SafeArrayGetLBound
0x43c768 SafeArrayCreate
0x43c76c VariantChangeType
0x43c770 VariantCopy
0x43c774 VariantClear
0x43c778 VariantInit
Library shell32.dll:
Library shell32.dll:
0x43c78c SHGetMalloc

.text
`.itext
`.data
.idata
.rdata
@.reloc
B.rsrc
Int64
System
IInterface
2004, 2005 Pierre le Riche / Professional Software Development
An unexpected memory leak has occurred.
bytes:
Unknown
String
The sizes of unexpected leaked medium and large blocks are:
Unexpected Memory Leak
Uhi2@
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
Ph`A@
VWUUh4B@
Ph>D@
Uh)E@
kernel32.dll
GetLongPathNameA
Software\Borland\Locales
Software\Borland\Delphi\Locales
Uhpb@
Exception,q@
EInOutError<r@
EZeroDivide`u@
EInvalidPointerlv@
=?d{@
False
AM/PM
D$LPj
WUWSj
m/d/yy
mmmm d, yyyy
AMPM
AMPM
:mm:ss
kernel32.dll
GetDiskFreeSpaceExA
oleaut32.dll
VariantChangeTypeEx
VarNeg
VarNot
VarAdd
VarSub
VarMul
VarDiv
VarIdiv
VarMod
VarAnd
VarOr
VarXor
VarCmp
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBoolFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromBool
Variants
Empty
Smallint
Integer
Single
Double
Currency
OleStr
Dispatch
Error
Boolean
Variant
Unknown
Decimal
ShortInt
LongWord
Int64
String
Array
ByRef
False
Classes
Classes
Classes
Classes
Pht*A
Strings
Uhf!A
Uh%#A
Uh@%A
Uh|&A
Uh['A
Uh5(A
UhU*A
Uh#*A
Uhi,A
UhH8A
Uhw=A
Uh<AA
Uh!HA
UhfGA
UhuHA
UhXOA
0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_
^$.[()|?+*\{]}
No errors
TRegExpr(comp): Null Argument
TRegExpr(comp): Regexp Too Big
TRegExpr(comp): ParseReg Too Many ()
TRegExpr(comp): ParseReg Unmatched ()
TRegExpr(comp): ParseReg Junk On End
TRegExpr(comp): *+ Operand Could Be Empty
TRegExpr(comp): Nested *?+
TRegExpr(comp): Bad Hex Digit
TRegExpr(comp): Invalid [] Range
TRegExpr(comp): Parse Atom Trailing \
TRegExpr(comp): No Hex Code After \x
TRegExpr(comp): Hex Code After \x Is Too Big
TRegExpr(comp): Unmatched []
TRegExpr(comp): Internal Urp
TRegExpr(comp): ?+*{ Follows Nothing
TRegExpr(comp): Trailing \
TRegExpr(comp): RarseAtom Internal Disaster
TRegExpr(comp): BRACES Argument Too Big
TRegExpr(comp): BRACE Min Param Greater then Max
TRegExpr(comp): Unclosed (?#Comment)
TRegExpr(comp): If you want take part in beta-testing BRACES '{min,max}' and non-greedy ops '*?', '+?', '??' for complex cases - remove '.' from {.$DEFINE ComplexBraces}
TRegExpr(comp): Urecognized Modifier
TRegExpr(comp): LinePairedSeparator must countain two different chars or no chars at all
TRegExpr(exec): RegRepeat Called Inappropriately
TRegExpr(exec): MatchPrim Memory Corruption
TRegExpr(exec): MatchPrim Corrupted Pointers
TRegExpr(exec): Not Assigned Expression Property
TRegExpr(exec): Corrupted Program
TRegExpr(exec): No Input String Specified
TRegExpr(exec): Offset Must Be Greater Then 0
TRegExpr(exec): ExecNext Without Exec[Pos]
TRegExpr(exec): GetInputString Without InputString
TRegExpr(dump): Corrupted Opcode
TRegExpr(exec): Loop Stack Exceeded
TRegExpr(exec): Loop Without LoopEntry !
TRegExpr(misc): Bad p-code imported
Unknown error
Uhi^A
0123456789
0123456789
(pos
]h,6C
kernel32.dll
CreateToolhelp32Snapshot
Heap32ListFirst
Heap32ListNext
Heap32First
Heap32Next
Toolhelp32ReadProcessMemory
Process32First
Process32Next
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32First
Module32Next
Module32FirstW
Module32NextW
0123456789ABCDEF
uBigIntsV3
C:\ERIK\DEVELOPMENT\VEGA\WITHOUTSTREAMS\uBigIntsV3.pas
Scratchpad synch problem
UhG$B
UhYGB
UhXLB
Uh?SB
Uhw`B
C:\ERIK\DEVELOPMENT\VEGA\WITHOUTSTREAMS\Base64.pas
Assertion failure
Zm9vYg==
fooba
Zm9vYmE=
foobar
Zm9vYmFy
9v YmF y
9v YmE
ZgBvAA==
ZgBvAG8A
ZgBvAG8AYgA=
ZgBvAG8AYgBhAA==
ZgBvAG8AYgBhAHIA
ZgBvAG8AYgBhAA=
8AYg Bh AHI A
8AY gBhAA==
base64.pas :: Test fails!
UhAcB
Graphics
Color
HeightLjB
Pitch
TPenXoB
Color`kB
Style
TBrushXpB
TCanvas@qB
Brush
FontloB
Graphics
TBitmapLtB
Graphics
Uh4wB
UhqxB
clBlack
clMaroon
clGreen
clOlive
clNavy
clPurple
clTeal
clGray
clSilver
clRed
clLime
clYellow
clBlue
clFuchsia
clAqua
clWhite
clMoneyGreen
clSkyBlue
clCream
clMedGray
clActiveBorder
clActiveCaption
clAppWorkSpace
clBackground
clBtnFace
clBtnHighlight
clBtnShadow
clBtnText
clCaptionText
clDefault
clGradientActiveCaption
clGradientInactiveCaption
clGrayText
clHighlight
clHighlightText
clHotLight
clInactiveBorder
clInactiveCaption
clInactiveCaptionText
clInfoBk
clInfoText
clMenu
clMenuBar
clMenuHighlight
clMenuText
clNone
clScrollBar
cl3DDkShadow
cl3DLight
clWindow
clWindowFrame
clWindowText
ANSI_CHARSET
DEFAULT_CHARSET
SYMBOL_CHARSET
MAC_CHARSET
SHIFTJIS_CHARSET
HANGEUL_CHARSET
JOHAB_CHARSET
GB2312_CHARSET
CHINESEBIG5_CHARSET
GREEK_CHARSET
TURKISH_CHARSET
HEBREW_CHARSET
ARABIC_CHARSET
BALTIC_CHARSET
RUSSIAN_CHARSET
THAI_CHARSET
EASTEUROPE_CHARSET
OEM_CHARSET
Default
E$PVSj
Graphics
D$*Ph
\$4Vj
Tahoma
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
MS Shell Dlg 2
.com;.cmd;.cpl;.dll;.exe;.hta;.lnk;.msc;.msi;.msp;.pif;.scr;.sys;.bat;
ALLUSERSPROFILE;APPDATA;ProgramData;WINDIR;
https://iplogger.org/173Es7.txt
Error
Runtime error at 00000000
%.*dHo@
^$.[()|?+*\{
?456789:;<=
!"#$%&'()*+,-./0123
MS Sans Serif
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
user32.dll
GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
kernel32.dll
GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
user32.dll
TranslateMessage
ReleaseDC
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxW
MessageBoxA
LoadStringA
LoadIconA
GetSystemMetrics
GetSysColor
GetDC
FillRect
DispatchMessageA
CharNextW
CharLowerBuffW
CharNextA
CharLowerBuffA
CharLowerA
CharUpperA
CharToOemA
gdi32.dll
UnrealizeObject
StretchBlt
SetTextColor
SetStretchBltMode
SetROP2
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
RealizePalette
PatBlt
MoveToEx
MaskBlt
GetTextMetricsA
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetBrushOrgEx
DeleteObject
DeleteDC
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt
kernel32.dll
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
TerminateProcess
SetFilePointer
SetFileAttributesW
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OpenProcess
MulDiv
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalAlloc
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetExitCodeThread
GetEnvironmentVariableA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCommandLineW
GetCPInfo
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateProcessW
CreateProcessA
CreatePipe
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryW
CopyFileW
CompareStringA
CloseHandle
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey
shell32.dll
ShellExecuteW
kernel32.dll
Sleep
oleaut32.dll
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
shell32.dll
SHGetSpecialFolderLocation
shell32.dll
SHGetPathFromIDListW
SHGetMalloc
>&?;?H?h?
8Registry
"RTLConsts
SysInit
System
IniFiles
KWindows
UTypes
^Classes
SysConst
sActiveX
3Messages
QTypInfo
SysUtils
ImageHlp
CVariants
$VarUtils
uBigIntsV3
MiniReg
+Graphics
Consts
FindFiles
base64
Crypto
PasZip
\StreamUnit
YAESUtils
ElAES
oRSAUtils
Utils
YStrUtils
(ShlObj
UrlMon
?WinInet
RegStr
*ShellAPI
CommCtrl
TlHelp32
LShortcuts
RegExpr
fooba
foobar
=00057005)
Windows!
PACKAGEINFO
Canvas does not allow drawing
%s (%s, line %d)
Write$Error creating variant or safe array)Variant or safe array index out of bounds
VS_VERSION_INFO
StringFileInfo
041904E3
FileDescription
Master Blankov
FileVersion
2, 4, 0, 0
VarFileInfo
Translation
This file is not on VirusTotal.

Process Tree


VSEBLANKI24.exe, PID: 716, Parent PID: 2584
Full Path: C:\Users\user\AppData\Local\Temp\VSEBLANKI24.exe
Command Line: "C:\Users\user\AppData\Local\Temp\VSEBLANKI24.exe"
VSEBLANKI24.exe, PID: 2152, Parent PID: 716
Full Path: C:\Users\user\AppData\Local\Temp\VSEBLANKI24.exe
Command Line: "C:\Users\user\AppData\Local\Temp\VSEBLANKI24.exe" -agent

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

File name 46552
Associated Filenames
C:\Users\user\AppData\Local\Temp\46552
File Size 1 bytes
File Type very short file (no magic)
MD5 93b885adfe0da089cdf634904fd59f71
SHA1 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA256 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
CRC32 D202EF8D
Ssdeep 3::
ClamAV None
Yara None matched
CAPE Yara None matched
Sorry! No CAPE files.
Process Name VSEBLANKI24.exe
PID 716
Dump Size 256512 bytes
Module Path C:\Users\user\AppData\Local\Temp\VSEBLANKI24.exe
Type PE image: 32-bit executable
MD5 d7bb671f583e9ec9d9bb321f8e96bebd
SHA1 3d4ba3fdfa7e2c52ed9317793bee6d35fad4fa88
SHA256 fbe44633d3d837ad239c8f1171015e592aff7f72ae12e518385c5363a300b588
CRC32 54253F04
Ssdeep 6144:9S60TDvlFxXcm4DQFu/U3buRKlemZ9DnGAedgQ8v7+XhDv0c:94Dvlcm4DQFu/U3buRKlemZ9DnGAedEU
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename fbe44633d3d837ad239c8f1171015e592aff7f72ae12e518385c5363a300b588
Process Name VSEBLANKI24.exe
PID 2152
Dump Size 256512 bytes
Module Path C:\Users\user\AppData\Local\Temp\VSEBLANKI24.exe
Type PE image: 32-bit executable
MD5 16c7f3118fdc558d8d4ac5391be29c52
SHA1 645a4fc5d29a953a6465402a4bd1f1c26ff5142e
SHA256 4cf8e2b5c84071787f157cd3df7fb2adcc2b5d4dc80958523c965e088affd77e
CRC32 28CB1E9E
Ssdeep 6144:fS60TDvlFxXcm4DQFu/U3buRKlemZ9DnGAedgQ8v7+XhD7q3:f4Dvlcm4DQFu/U3buRKlemZ9DnGAedEF
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 4cf8e2b5c84071787f157cd3df7fb2adcc2b5d4dc80958523c965e088affd77e


Processing ( 2.591 seconds )

  • 0.918 TargetInfo
  • 0.713 CAPE
  • 0.38 Static
  • 0.267 ProcDump
  • 0.158 TrID
  • 0.063 BehaviorAnalysis
  • 0.037 Deduplicate
  • 0.02 Dropped
  • 0.018 Strings
  • 0.007 NetworkAnalysis
  • 0.006 AnalysisInfo
  • 0.002 Debug
  • 0.002 config_decoder

Signatures ( 0.057 seconds )

  • 0.01 antiav_detectreg
  • 0.004 persistence_autorun
  • 0.004 infostealer_ftp
  • 0.004 ransomware_files
  • 0.003 antiav_detectfile
  • 0.003 ransomware_extensions
  • 0.002 api_spamming
  • 0.002 decoy_document
  • 0.002 stealth_timeout
  • 0.002 antianalysis_detectreg
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.002 infostealer_mail
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 Doppelganging
  • 0.001 dridex_behavior
  • 0.001 antivm_generic_disk
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 bot_drive
  • 0.001 modify_proxy
  • 0.001 disables_browser_warn

Reporting ( 0.001 seconds )

  • 0.001 CompressResults
Task ID 36425
Mongo ID 5c61cf53f284883e41aeaaa3
Cuckoo release 1.3-CAPE