Analysis

Category Package Started Completed Duration Options Log
URL ie 2019-05-14 01:44:58 2019-05-14 01:48:50 232 seconds Show Options Show Log
procmemdump = 1
import_reconstruction = 1
procdump = 1
route = internet
2019-05-14 02:44:59,000 [root] INFO: Date set to: 05-14-19, time set to: 01:44:59, timeout set to: 200
2019-05-14 02:44:59,015 [root] DEBUG: Starting analyzer from: C:\awvqohb
2019-05-14 02:44:59,015 [root] DEBUG: Storing results at: C:\QImXTY
2019-05-14 02:44:59,015 [root] DEBUG: Pipe server name: \\.\PIPE\LwzFHELXr
2019-05-14 02:44:59,015 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-05-14 02:44:59,015 [root] INFO: Automatically selected analysis package "ie"
2019-05-14 02:44:59,795 [root] DEBUG: Started auxiliary module Browser
2019-05-14 02:44:59,795 [root] DEBUG: Started auxiliary module Curtain
2019-05-14 02:44:59,795 [modules.auxiliary.digisig] DEBUG: Skipping authenticode validation, analysis is not a file.
2019-05-14 02:44:59,795 [root] DEBUG: Started auxiliary module DigiSig
2019-05-14 02:44:59,811 [root] DEBUG: Started auxiliary module Disguise
2019-05-14 02:44:59,811 [root] DEBUG: Started auxiliary module Human
2019-05-14 02:44:59,811 [root] DEBUG: Started auxiliary module Screenshots
2019-05-14 02:44:59,811 [root] DEBUG: Started auxiliary module Sysmon
2019-05-14 02:44:59,811 [root] DEBUG: Started auxiliary module Usage
2019-05-14 02:44:59,811 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL option
2019-05-14 02:44:59,811 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL_64 option
2019-05-14 02:45:00,122 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files (x86)\Internet Explorer\iexplore.exe" with arguments ""https://unimelbcloud-my.sharepoint.com/:b:/g/personal/naly_unimelb_edu_au/EYw-XWbM4-tMoE2FOlEOtWgB9khJeFEfSWL7i_oYjpUxqw?e=4%3aex2Jg5&at=9"" with pid 2040
2019-05-14 02:45:00,122 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-05-14 02:45:00,122 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2019-05-14 02:45:00,122 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2019-05-14 02:45:00,122 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-05-14 02:45:00,122 [lib.api.process] INFO: 32-bit DLL to inject is C:\awvqohb\dll\NRPrCf.dll, loader C:\awvqohb\bin\fmcxnYq.exe
2019-05-14 02:45:00,325 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LwzFHELXr.
2019-05-14 02:45:00,325 [root] DEBUG: Loader: Injecting process 2040 (thread 1856) with C:\awvqohb\dll\NRPrCf.dll.
2019-05-14 02:45:00,325 [root] DEBUG: Process image base: 0x00CB0000
2019-05-14 02:45:00,325 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\awvqohb\dll\NRPrCf.dll.
2019-05-14 02:45:00,325 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x00D56000 - 0x77110000
2019-05-14 02:45:00,325 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x00D60000.
2019-05-14 02:45:00,325 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-05-14 02:45:00,325 [root] DEBUG: Successfully injected DLL C:\awvqohb\dll\NRPrCf.dll.
2019-05-14 02:45:00,325 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2040
2019-05-14 02:45:02,338 [lib.api.process] INFO: Successfully resumed process with pid 2040
2019-05-14 02:45:02,338 [root] INFO: Added new process to list with pid: 2040
2019-05-14 02:45:02,431 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-05-14 02:45:02,431 [root] DEBUG: Full process memory dumps enabled.
2019-05-14 02:45:02,431 [root] DEBUG: Import reconstruction of process dumps enabled.
2019-05-14 02:45:02,431 [root] DEBUG: Process dumps enabled.
2019-05-14 02:45:02,493 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-05-14 02:45:02,493 [root] INFO: Disabling sleep skipping.
2019-05-14 02:45:02,493 [root] INFO: Disabling sleep skipping.
2019-05-14 02:45:02,493 [root] INFO: Disabling sleep skipping.
2019-05-14 02:45:02,493 [root] INFO: Disabling sleep skipping.
2019-05-14 02:45:02,493 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2040 at 0x747e0000, image base 0xcb0000, stack from 0x282000-0x290000
2019-05-14 02:45:02,509 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" "https:\unimelbcloud-my.sharepoint.com\:b:\g\personal\naly_unimelb_edu_au\EYw-XWbM4-tMoE2FOlEOtWgB9khJeFEfSWL7i_oYjpUxqw?e=4-- UNKNOWN FORMAT STRING -- aex2Jg5&at=9".
2019-05-14 02:45:02,509 [root] INFO: Monitor successfully loaded in process with pid 2040.
2019-05-14 02:45:02,525 [root] DEBUG: DLL unloaded from 0x754F0000.
2019-05-14 02:45:02,588 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-05-14 02:45:02,618 [root] DEBUG: DLL loaded at 0x74990000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-05-14 02:45:02,634 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-05-14 02:45:02,665 [root] DEBUG: DLL loaded at 0x74980000: C:\Windows\system32\profapi (0xb000 bytes).
2019-05-14 02:45:02,680 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-05-14 02:45:02,680 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-05-14 02:45:02,680 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-05-14 02:45:02,680 [root] DEBUG: DLL loaded at 0x74960000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-05-14 02:45:02,680 [root] DEBUG: DLL loaded at 0x74950000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-05-14 02:45:02,680 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-05-14 02:45:02,711 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-05-14 02:45:02,711 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\System32\nlaapi (0x10000 bytes).
2019-05-14 02:45:02,727 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-05-14 02:45:02,727 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-05-14 02:45:02,743 [root] DEBUG: DLL loaded at 0x74940000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-05-14 02:45:02,743 [root] DEBUG: DLL unloaded from 0x74340000.
2019-05-14 02:45:02,743 [root] DEBUG: DLL loaded at 0x750B0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-05-14 02:45:02,822 [root] DEBUG: DLL loaded at 0x74360000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-05-14 02:45:02,822 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-05-14 02:45:02,836 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-05-14 02:45:02,836 [root] DEBUG: DLL unloaded from 0x74360000.
2019-05-14 02:45:02,836 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-05-14 02:45:02,836 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-05-14 02:45:02,852 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-05-14 02:45:02,868 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-05-14 02:45:02,946 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-05-14 02:45:02,977 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-05-14 02:45:02,977 [root] DEBUG: DLL unloaded from 0x00CB0000.
2019-05-14 02:45:02,993 [root] INFO: Announced 32-bit process name: iexplore.exe pid: 972
2019-05-14 02:45:02,993 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-05-14 02:45:02,993 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2019-05-14 02:45:02,993 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2019-05-14 02:45:02,993 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-05-14 02:45:02,993 [lib.api.process] INFO: 32-bit DLL to inject is C:\awvqohb\dll\NRPrCf.dll, loader C:\awvqohb\bin\fmcxnYq.exe
2019-05-14 02:45:03,009 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LwzFHELXr.
2019-05-14 02:45:03,009 [root] DEBUG: Loader: Injecting process 972 (thread 1652) with C:\awvqohb\dll\NRPrCf.dll.
2019-05-14 02:45:03,009 [root] DEBUG: Process image base: 0x00CB0000
2019-05-14 02:45:03,009 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\awvqohb\dll\NRPrCf.dll.
2019-05-14 02:45:03,009 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x00D56000 - 0x77110000
2019-05-14 02:45:03,009 [root] DEBUG: InjectDllViaIAT: Allocated 0x214 bytes for new import table at 0x00D60000.
2019-05-14 02:45:03,009 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-05-14 02:45:03,009 [root] DEBUG: Successfully injected DLL C:\awvqohb\dll\NRPrCf.dll.
2019-05-14 02:45:03,009 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 972
2019-05-14 02:45:03,009 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-05-14 02:45:03,009 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rasman (0x15000 bytes).
2019-05-14 02:45:03,009 [root] DEBUG: DLL unloaded from 0x74340000.
2019-05-14 02:45:03,009 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-05-14 02:45:03,009 [root] DEBUG: Full process memory dumps enabled.
2019-05-14 02:45:03,009 [root] DEBUG: Import reconstruction of process dumps enabled.
2019-05-14 02:45:03,009 [root] DEBUG: Process dumps enabled.
2019-05-14 02:45:03,009 [root] INFO: Disabling sleep skipping.
2019-05-14 02:45:03,023 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-05-14 02:45:03,023 [root] DEBUG: DLL unloaded from 0x747D0000.
2019-05-14 02:45:03,023 [root] DEBUG: DLL unloaded from 0x74320000.
2019-05-14 02:45:03,023 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-05-14 02:45:03,023 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 972 at 0x747e0000, image base 0xcb0000, stack from 0x222000-0x230000
2019-05-14 02:45:03,023 [root] DEBUG: Commandline: C:\Users\user\Desktop\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2040 CREDAT:79873.
2019-05-14 02:45:03,023 [root] INFO: Added new process to list with pid: 972
2019-05-14 02:45:03,023 [root] INFO: Monitor successfully loaded in process with pid 972.
2019-05-14 02:45:03,023 [root] DEBUG: DLL unloaded from 0x754F0000.
2019-05-14 02:45:03,023 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-05-14 02:45:03,023 [root] DEBUG: DLL unloaded from 0x75600000.
2019-05-14 02:45:03,023 [root] DEBUG: DLL loaded at 0x74310000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-05-14 02:45:03,023 [root] DEBUG: DLL loaded at 0x74990000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-05-14 02:45:03,023 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-05-14 02:45:03,023 [root] DEBUG: DLL loaded at 0x750B0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-05-14 02:45:03,039 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-05-14 02:45:03,039 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-05-14 02:45:03,055 [root] DEBUG: DLL loaded at 0x742D0000: C:\Program Files (x86)\Internet Explorer\IEShims (0x35000 bytes).
2019-05-14 02:45:03,055 [root] DEBUG: DLL loaded at 0x74940000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-05-14 02:45:03,071 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-05-14 02:45:03,086 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-05-14 02:45:03,086 [root] DEBUG: DLL loaded at 0x74290000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-05-14 02:45:03,086 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-05-14 02:45:03,086 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-05-14 02:45:03,086 [root] DEBUG: DLL unloaded from 0x74290000.
2019-05-14 02:45:03,101 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-05-14 02:45:03,101 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-05-14 02:45:03,101 [root] DEBUG: DLL loaded at 0x742C0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-05-14 02:45:03,101 [root] DEBUG: DLL loaded at 0x742B0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-05-14 02:45:03,118 [root] DEBUG: DLL loaded at 0x74270000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-05-14 02:45:03,118 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1632
2019-05-14 02:45:03,118 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
2019-05-14 02:45:03,118 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2019-05-14 02:45:03,118 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2019-05-14 02:45:03,118 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-05-14 02:45:03,118 [lib.api.process] INFO: 64-bit DLL to inject is C:\awvqohb\dll\oOlYxHg.dll, loader C:\awvqohb\bin\bqxptTVz.exe
2019-05-14 02:45:03,134 [root] DEBUG: DLL loaded at 0x74210000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-05-14 02:45:03,134 [root] DEBUG: DLL loaded at 0x741F0000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-05-14 02:45:03,134 [root] DEBUG: DLL loaded at 0x741E0000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-05-14 02:45:03,134 [root] DEBUG: DLL unloaded from 0x74960000.
2019-05-14 02:45:03,134 [root] DEBUG: DLL unloaded from 0x741F0000.
2019-05-14 02:45:03,134 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-05-14 02:45:03,134 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\LwzFHELXr.
2019-05-14 02:45:03,134 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-05-14 02:45:03,134 [root] DEBUG: Loader: Injecting process 1632 (thread 0) with C:\awvqohb\dll\oOlYxHg.dll.
2019-05-14 02:45:03,134 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-05-14 02:45:03,134 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed.
2019-05-14 02:45:03,148 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-05-14 02:45:03,148 [root] DEBUG: DLL loaded at 0x74000000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-05-14 02:45:03,148 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-05-14 02:45:03,164 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-05-14 02:45:03,164 [root] DEBUG: Full process memory dumps enabled.
2019-05-14 02:45:03,164 [root] DEBUG: Import reconstruction of process dumps enabled.
2019-05-14 02:45:03,164 [root] DEBUG: Process dumps enabled.
2019-05-14 02:45:03,164 [root] INFO: Disabling sleep skipping.
2019-05-14 02:45:03,164 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-05-14 02:45:03,164 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-05-14 02:45:03,196 [root] DEBUG: DLL loaded at 0x74980000: C:\Windows\system32\profapi (0xb000 bytes).
2019-05-14 02:45:03,226 [root] WARNING: Unable to place hook on LockResource
2019-05-14 02:45:03,226 [root] WARNING: Unable to hook LockResource
2019-05-14 02:45:03,305 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1632 at 0x0000000074100000, image base 0x00000000FF900000, stack from 0x00000000065F2000-0x0000000006600000
2019-05-14 02:45:03,305 [root] DEBUG: Commandline: C:\Windows\explorer.exe.
2019-05-14 02:45:03,305 [root] INFO: Added new process to list with pid: 1632
2019-05-14 02:45:03,305 [root] INFO: Monitor successfully loaded in process with pid 1632.
2019-05-14 02:45:03,321 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-05-14 02:45:03,321 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-05-14 02:45:03,321 [root] DEBUG: Successfully injected DLL C:\awvqohb\dll\oOlYxHg.dll.
2019-05-14 02:45:03,351 [root] DEBUG: DLL loaded at 0x73FD0000: C:\Windows\system32\IEUI (0x2d000 bytes).
2019-05-14 02:45:03,351 [root] DEBUG: DLL loaded at 0x73FC0000: C:\Windows\system32\MSIMG32 (0x5000 bytes).
2019-05-14 02:45:03,382 [root] DEBUG: DLL loaded at 0x73F90000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-05-14 02:47:20,101 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF8390000 to caller regions list (ntdll::NtDuplicateObject).
2019-05-14 02:47:20,132 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF45C0000 to caller regions list (ntdll::NtDuplicateObject).
2019-05-14 02:48:24,124 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-05-14 02:48:24,124 [root] INFO: Created shutdown mutex.
2019-05-14 02:48:25,138 [root] INFO: Setting terminate event for process 2040.
2019-05-14 02:48:25,138 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 2040
2019-05-14 02:48:25,138 [root] INFO: Terminating process 2040 before shutdown.
2019-05-14 02:48:25,138 [root] INFO: Waiting for process 2040 to exit.
2019-05-14 02:48:26,151 [root] INFO: Waiting for process 2040 to exit.
2019-05-14 02:48:27,165 [root] INFO: Waiting for process 2040 to exit.
2019-05-14 02:48:28,180 [root] INFO: Waiting for process 2040 to exit.
2019-05-14 02:48:29,194 [lib.api.process] INFO: Successfully terminated process with pid 2040.
2019-05-14 02:48:29,194 [root] INFO: Waiting for process 2040 to exit.
2019-05-14 02:48:30,207 [root] INFO: Terminating process 972 before shutdown.
2019-05-14 02:48:30,207 [root] INFO: Setting terminate event for process 1632.
2019-05-14 02:48:30,207 [lib.api.process] INFO: Successfully received reply to terminate_event, pid 1632
2019-05-14 02:48:30,207 [root] INFO: Terminating process 1632 before shutdown.
2019-05-14 02:48:30,207 [root] DEBUG: Terminate Event: Attempting to dump process 1632
2019-05-14 02:48:30,207 [root] INFO: Waiting for process 1632 to exit.
2019-05-14 02:48:30,207 [root] DEBUG: DoProcessDump: Created dump file for full process memory dump: C:\QImXTY\memory\1632.dmp.
2019-05-14 02:48:30,801 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00000000FF900000.
2019-05-14 02:48:30,801 [root] DEBUG: ApiReader: module list size: 172
2019-05-14 02:48:30,801 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,801 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,801 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:30,801 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:30,801 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,801 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,801 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,816 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,832 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,848 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,862 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,878 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,894 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2019-05-14 02:48:30,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2019-05-14 02:48:30,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,894 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,910 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,926 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,957 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,973 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2019-05-14 02:48:30,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2019-05-14 02:48:30,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,973 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2019-05-14 02:48:30,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:30,987 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2019-05-14 02:48:31,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,003 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,019 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2019-05-14 02:48:31,019 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,019 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,019 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,019 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,019 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,019 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2019-05-14 02:48:31,019 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2019-05-14 02:48:31,019 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,019 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2019-05-14 02:48:31,019 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2019-05-14 02:48:31,019 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2019-05-14 02:48:31,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2019-05-14 02:48:31,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2019-05-14 02:48:31,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2019-05-14 02:48:31,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2019-05-14 02:48:31,035 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,035 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,035 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:31,051 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2019-05-14 02:48:31,051 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2019-05-14 02:48:31,051 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2019-05-14 02:48:31,051 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2019-05-14 02:48:31,051 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,051 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,051 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,051 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,051 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,051 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,051 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,082 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,096 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,112 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,128 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,144 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,160 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\winmm.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,190 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,207 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,221 [root] INFO: Waiting for process 1632 to exit.
2019-05-14 02:48:31,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,221 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,237 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\mpr.dll
2019-05-14 02:48:31,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,253 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2019-05-14 02:48:31,269 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2019-05-14 02:48:31,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,269 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,285 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,299 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,299 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2019-05-14 02:48:31,315 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2019-05-14 02:48:31,315 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2019-05-14 02:48:31,315 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2019-05-14 02:48:31,315 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ExplorerFrame.dll
2019-05-14 02:48:31,315 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ExplorerFrame.dll
2019-05-14 02:48:31,315 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\duser.dll
2019-05-14 02:48:31,315 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\duser.dll
2019-05-14 02:48:31,315 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\dui70.dll
2019-05-14 02:48:31,315 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\dui70.dll
2019-05-14 02:48:31,315 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2019-05-14 02:48:31,331 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2019-05-14 02:48:31,331 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2019-05-14 02:48:31,331 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2019-05-14 02:48:31,331 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2019-05-14 02:48:31,331 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2019-05-14 02:48:31,331 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2019-05-14 02:48:31,331 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2019-05-14 02:48:31,331 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2019-05-14 02:48:31,331 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2019-05-14 02:48:31,331 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2019-05-14 02:48:31,331 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,331 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,346 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,362 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,378 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,378 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,378 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,378 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,378 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,378 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,378 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,378 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,378 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,378 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,378 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,378 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,394 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,408 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,408 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,408 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,408 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,408 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,408 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,408 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,408 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,408 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,408 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,408 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,408 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,424 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,440 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,456 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,471 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,503 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,519 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,533 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,549 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,565 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,581 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,596 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,611 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2019-05-14 02:48:31,628 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2019-05-14 02:48:31,642 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2019-05-14 02:48:31,642 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2019-05-14 02:48:31,642 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2019-05-14 02:48:31,642 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2019-05-14 02:48:31,642 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,642 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2019-05-14 02:48:31,642 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\devobj.dll
2019-05-14 02:48:31,642 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\devobj.dll
2019-05-14 02:48:31,642 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2019-05-14 02:48:31,642 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2019-05-14 02:48:31,642 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\slc.dll
2019-05-14 02:48:31,642 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\slc.dll
2019-05-14 02:48:31,658 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\GdiPlus.dll
2019-05-14 02:48:31,658 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\GdiPlus.dll
2019-05-14 02:48:31,658 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\secur32.dll
2019-05-14 02:48:31,658 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\secur32.dll
2019-05-14 02:48:31,658 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,658 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,658 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,658 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,658 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,658 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,674 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,690 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,706 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,720 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,736 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,753 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,767 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2019-05-14 02:48:31,783 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2019-05-14 02:48:31,783 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2019-05-14 02:48:31,783 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2019-05-14 02:48:31,783 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2019-05-14 02:48:31,783 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
2019-05-14 02:48:31,783 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
2019-05-14 02:48:31,783 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll
2019-05-14 02:48:31,783 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll
2019-05-14 02:48:31,783 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\profapi.dll
2019-05-14 02:48:31,783 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\profapi.dll
2019-05-14 02:48:31,783 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2019-05-14 02:48:31,799 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2019-05-14 02:48:31,799 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2019-05-14 02:48:31,799 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2019-05-14 02:48:31,799 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\EhStorShell.dll
2019-05-14 02:48:31,799 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\EhStorShell.dll
2019-05-14 02:48:31,799 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cscui.dll
2019-05-14 02:48:31,799 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cscui.dll
2019-05-14 02:48:31,799 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cscdll.dll
2019-05-14 02:48:31,799 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cscdll.dll
2019-05-14 02:48:31,799 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cscapi.dll
2019-05-14 02:48:31,799 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cscapi.dll
2019-05-14 02:48:31,799 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntshrui.dll
2019-05-14 02:48:31,799 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntshrui.dll
2019-05-14 02:48:31,815 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2019-05-14 02:48:31,815 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2019-05-14 02:48:31,815 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\IconCodecService.dll
2019-05-14 02:48:31,815 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\IconCodecService.dll
2019-05-14 02:48:31,815 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2019-05-14 02:48:31,815 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2019-05-14 02:48:31,815 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2019-05-14 02:48:31,815 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2019-05-14 02:48:31,815 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2019-05-14 02:48:31,815 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2019-05-14 02:48:31,815 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\SndVolSSO.dll
2019-05-14 02:48:31,815 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\SndVolSSO.dll
2019-05-14 02:48:31,831 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\hid.dll
2019-05-14 02:48:31,831 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\hid.dll
2019-05-14 02:48:31,831 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2019-05-14 02:48:31,831 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2019-05-14 02:48:31,831 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\timedate.cpl
2019-05-14 02:48:31,831 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\timedate.cpl
2019-05-14 02:48:31,831 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\atl.dll
2019-05-14 02:48:31,831 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\atl.dll
2019-05-14 02:48:31,831 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\winbrand.dll
2019-05-14 02:48:31,831 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\winbrand.dll
2019-05-14 02:48:31,831 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\actxprxy.dll
2019-05-14 02:48:31,831 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\actxprxy.dll
2019-05-14 02:48:31,831 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
2019-05-14 02:48:31,845 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
2019-05-14 02:48:31,845 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
2019-05-14 02:48:31,845 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
2019-05-14 02:48:31,845 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\userenv.dll
2019-05-14 02:48:31,845 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\userenv.dll
2019-05-14 02:48:31,845 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\samlib.dll
2019-05-14 02:48:31,845 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samlib.dll
2019-05-14 02:48:31,845 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2019-05-14 02:48:31,845 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2019-05-14 02:48:31,861 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2019-05-14 02:48:31,861 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2019-05-14 02:48:31,861 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msftedit.dll
2019-05-14 02:48:31,861 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msftedit.dll
2019-05-14 02:48:31,861 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msls31.dll
2019-05-14 02:48:31,861 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msls31.dll
2019-05-14 02:48:31,861 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2019-05-14 02:48:31,861 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2019-05-14 02:48:31,861 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gameux.dll
2019-05-14 02:48:31,861 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gameux.dll
2019-05-14 02:48:31,861 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\xmllite.dll
2019-05-14 02:48:31,861 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\xmllite.dll
2019-05-14 02:48:31,861 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2019-05-14 02:48:31,877 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2019-05-14 02:48:31,877 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
2019-05-14 02:48:31,877 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
2019-05-14 02:48:31,877 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wer.dll
2019-05-14 02:48:31,877 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wer.dll
2019-05-14 02:48:31,877 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\authui.dll
2019-05-14 02:48:31,877 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\authui.dll
2019-05-14 02:48:31,877 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptui.dll
2019-05-14 02:48:31,877 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptui.dll
2019-05-14 02:48:31,892 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
2019-05-14 02:48:31,892 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
2019-05-14 02:48:31,892 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\version.dll
2019-05-14 02:48:31,892 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2019-05-14 02:48:31,892 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,892 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019-05-14 02:48:31,892 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msi.dll
2019-05-14 02:48:31,892 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msi.dll
2019-05-14 02:48:31,892 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\winsta.dll
2019-05-14 02:48:31,892 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\winsta.dll
2019-05-14 02:48:31,908 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2019-05-14 02:48:31,908 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2019-05-14 02:48:31,908 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shdocvw.dll
2019-05-14 02:48:31,908 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shdocvw.dll
2019-05-14 02:48:31,908 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,908 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,908 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,908 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,908 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,908 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,908 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,924 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,924 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,924 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,924 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,924 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,924 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,924 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,924 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,924 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,924 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,924 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,940 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,954 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,954 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:31,954 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2019-05-14 02:48:31,954 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\networkexplorer.dll
2019-05-14 02:48:31,954 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\networkexplorer.dll
2019-05-14 02:48:31,954 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\linkinfo.dll
2019-05-14 02:48:31,954 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\linkinfo.dll
2019-05-14 02:48:31,954 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msutb.dll
2019-05-14 02:48:31,954 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msutb.dll
2019-05-14 02:48:31,954 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\winmm.dll
2019-05-14 02:48:31,954 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\winmm.dll
2019-05-14 02:48:31,970 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2019-05-14 02:48:31,970 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2019-05-14 02:48:31,970 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2019-05-14 02:48:31,970 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2019-05-14 02:48:31,970 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\avrt.dll
2019-05-14 02:48:31,970 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\avrt.dll
2019-05-14 02:48:31,970 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2019-05-14 02:48:31,970 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2019-05-14 02:48:31,970 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2019-05-14 02:48:31,970 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2019-05-14 02:48:31,986 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2019-05-14 02:48:31,986 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2019-05-14 02:48:31,986 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\midimap.dll
2019-05-14 02:48:31,986 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\midimap.dll
2019-05-14 02:48:31,986 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\stobject.dll
2019-05-14 02:48:31,986 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\stobject.dll
2019-05-14 02:48:31,986 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\batmeter.dll
2019-05-14 02:48:31,986 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\batmeter.dll
2019-05-14 02:48:31,986 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2019-05-14 02:48:31,986 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2019-05-14 02:48:31,986 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\es.dll
2019-05-14 02:48:32,002 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\es.dll
2019-05-14 02:48:32,002 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\prnfldr.dll
2019-05-14 02:48:32,002 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\prnfldr.dll
2019-05-14 02:48:32,002 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\winspool.drv
2019-05-14 02:48:32,002 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\winspool.drv
2019-05-14 02:48:32,002 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
2019-05-14 02:48:32,002 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
2019-05-14 02:48:32,002 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\DXP.dll
2019-05-14 02:48:32,002 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\DXP.dll
2019-05-14 02:48:32,002 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\urlmon.dll
2019-05-14 02:48:32,002 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\urlmon.dll
2019-05-14 02:48:32,017 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wininet.dll
2019-05-14 02:48:32,017 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wininet.dll
2019-05-14 02:48:32,017 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\iertutil.dll
2019-05-14 02:48:32,017 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\iertutil.dll
2019-05-14 02:48:32,017 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
2019-05-14 02:48:32,017 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
2019-05-14 02:48:32,017 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\Syncreg.dll
2019-05-14 02:48:32,017 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\Syncreg.dll
2019-05-14 02:48:32,017 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ActionCenter.dll
2019-05-14 02:48:32,017 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ActionCenter.dll
2019-05-14 02:48:32,032 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wevtapi.dll
2019-05-14 02:48:32,032 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wevtapi.dll
2019-05-14 02:48:32,032 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:32,032 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2019-05-14 02:48:32,032 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\ehome\ehSSO.dll
2019-05-14 02:48:32,032 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\ehome\ehSSO.dll
2019-05-14 02:48:32,032 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\AltTab.dll
2019-05-14 02:48:32,032 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\AltTab.dll
2019-05-14 02:48:32,032 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\netshell.dll
2019-05-14 02:48:32,032 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netshell.dll
2019-05-14 02:48:32,049 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2019-05-14 02:48:32,049 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2019-05-14 02:48:32,049 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2019-05-14 02:48:32,049 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2019-05-14 02:48:32,049 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2019-05-14 02:48:32,049 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2019-05-14 02:48:32,049 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\nlaapi.dll
2019-05-14 02:48:32,049 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\nlaapi.dll
2019-05-14 02:48:32,049 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\pnidui.dll
2019-05-14 02:48:32,049 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\pnidui.dll
2019-05-14 02:48:32,049 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\QUTIL.DLL
2019-05-14 02:48:32,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\QUTIL.DLL
2019-05-14 02:48:32,065 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\WPDShServiceObj.dll
2019-05-14 02:48:32,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\WPDShServiceObj.dll
2019-05-14 02:48:32,065 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\PortableDeviceTypes.dll
2019-05-14 02:48:32,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\PortableDeviceTypes.dll
2019-05-14 02:48:32,065 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\bthprops.cpl
2019-05-14 02:48:32,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\bthprops.cpl
2019-05-14 02:48:32,065 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\PortableDeviceApi.dll
2019-05-14 02:48:32,065 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\PortableDeviceApi.dll
2019-05-14 02:48:32,065 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cscobj.dll
2019-05-14 02:48:32,079 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cscobj.dll
2019-05-14 02:48:32,079 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:32,079 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
2019-05-14 02:48:32,079 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\oleacc.dll
2019-05-14 02:48:32,079 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\oleacc.dll
2019-05-14 02:48:32,079 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\srchadmin.dll
2019-05-14 02:48:32,079 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srchadmin.dll
2019-05-14 02:48:32,079 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\FXSST.dll
2019-05-14 02:48:32,079 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\FXSST.dll
2019-05-14 02:48:32,079 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\FXSAPI.dll
2019-05-14 02:48:32,079 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\FXSAPI.dll
2019-05-14 02:48:32,095 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\FXSRESM.dll
2019-05-14 02:48:32,095 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\FXSRESM.dll
2019-05-14 02:48:32,095 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2019-05-14 02:48:32,095 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2019-05-14 02:48:32,095 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2019-05-14 02:48:32,095 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2019-05-14 02:48:32,095 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2019-05-14 02:48:32,095 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2019-05-14 02:48:32,095 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\credssp.dll
2019-05-14 02:48:32,095 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\credssp.dll
2019-05-14 02:48:32,111 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\mssprxy.dll
2019-05-14 02:48:32,111 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\mssprxy.dll
2019-05-14 02:48:32,111 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wlanapi.dll
2019-05-14 02:48:32,111 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wlanapi.dll
2019-05-14 02:48:32,111 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wlanutil.dll
2019-05-14 02:48:32,111 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wlanutil.dll
2019-05-14 02:48:32,111 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\WWanAPI.dll
2019-05-14 02:48:32,111 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\WWanAPI.dll
2019-05-14 02:48:32,111 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wwapi.dll
2019-05-14 02:48:32,111 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wwapi.dll
2019-05-14 02:48:32,111 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\QAGENT.DLL
2019-05-14 02:48:32,127 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\QAGENT.DLL
2019-05-14 02:48:32,127 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\SyncCenter.dll
2019-05-14 02:48:32,127 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\SyncCenter.dll
2019-05-14 02:48:32,127 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imapi2.dll
2019-05-14 02:48:32,127 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imapi2.dll
2019-05-14 02:48:32,127 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\hgcpl.dll
2019-05-14 02:48:32,127 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\hgcpl.dll
2019-05-14 02:48:32,127 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\provsvc.dll
2019-05-14 02:48:32,127 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\provsvc.dll
2019-05-14 02:48:32,127 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sxs.dll
2019-05-14 02:48:32,127 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sxs.dll
2019-05-14 02:48:32,142 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Program Files\Internet Explorer\ieproxy.dll
2019-05-14 02:48:32,142 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Program Files\Internet Explorer\ieproxy.dll
2019-05-14 02:48:32,142 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\mpr.dll
2019-05-14 02:48:32,142 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\mpr.dll
2019-05-14 02:48:32,142 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\drprov.dll
2019-05-14 02:48:32,142 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\drprov.dll
2019-05-14 02:48:32,142 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntlanman.dll
2019-05-14 02:48:32,142 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntlanman.dll
2019-05-14 02:48:32,142 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\davclnt.dll
2019-05-14 02:48:32,142 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\davclnt.dll
2019-05-14 02:48:32,157 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\davhlpr.dll
2019-05-14 02:48:32,157 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\davhlpr.dll
2019-05-14 02:48:32,157 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2019-05-14 02:48:32,157 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2019-05-14 02:48:32,157 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\dsrole.dll
2019-05-14 02:48:32,157 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\dsrole.dll
2019-05-14 02:48:32,157 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\StructuredQuery.dll
2019-05-14 02:48:32,157 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\StructuredQuery.dll
2019-05-14 02:48:32,157 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msxml3.dll
2019-05-14 02:48:32,157 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msxml3.dll
2019-05-14 02:48:32,157 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rasdlg.dll
2019-05-14 02:48:32,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rasdlg.dll
2019-05-14 02:48:32,174 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\mprapi.dll
2019-05-14 02:48:32,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\mprapi.dll
2019-05-14 02:48:32,174 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rasapi32.dll
2019-05-14 02:48:32,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rasapi32.dll
2019-05-14 02:48:32,174 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rasman.dll
2019-05-14 02:48:32,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rasman.dll
2019-05-14 02:48:32,174 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rtutils.dll
2019-05-14 02:48:32,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rtutils.dll
2019-05-14 02:48:32,174 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\hnetcfg.dll
2019-05-14 02:48:32,174 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\hnetcfg.dll
2019-05-14 02:48:32,188 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
2019-05-14 02:48:32,188 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
2019-05-14 02:48:32,188 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2019-05-14 02:48:32,188 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2019-05-14 02:48:32,188 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\SPInf.dll
2019-05-14 02:48:32,188 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\SPInf.dll
2019-05-14 02:48:32,188 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
2019-05-14 02:48:32,188 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
2019-05-14 02:48:32,188 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wscinterop.dll
2019-05-14 02:48:32,188 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wscinterop.dll
2019-05-14 02:48:32,188 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wscapi.dll
2019-05-14 02:48:32,204 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wscapi.dll
2019-05-14 02:48:32,204 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wscui.cpl
2019-05-14 02:48:32,204 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wscui.cpl
2019-05-14 02:48:32,204 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\werconcpl.dll
2019-05-14 02:48:32,204 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\werconcpl.dll
2019-05-14 02:48:32,204 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\framedynos.dll
2019-05-14 02:48:32,204 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\framedynos.dll
2019-05-14 02:48:32,204 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wercplsupport.dll
2019-05-14 02:48:32,204 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wercplsupport.dll
2019-05-14 02:48:32,220 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msxml6.dll
2019-05-14 02:48:32,220 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msxml6.dll
2019-05-14 02:48:32,220 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\hcproviders.dll
2019-05-14 02:48:32,220 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\hcproviders.dll
2019-05-14 02:48:32,220 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\SearchFolder.dll
2019-05-14 02:48:32,220 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\SearchFolder.dll
2019-05-14 02:48:32,220 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\NaturalLanguage6.dll
2019-05-14 02:48:32,220 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\NaturalLanguage6.dll
2019-05-14 02:48:32,220 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\NlsData0009.dll
2019-05-14 02:48:32,220 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\NlsData0009.dll
2019-05-14 02:48:32,220 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\NlsLexicons0009.dll
2019-05-14 02:48:32,220 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\NlsLexicons0009.dll
2019-05-14 02:48:32,236 [root] INFO: Waiting for process 1632 to exit.
2019-05-14 02:48:32,236 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\thumbcache.dll
2019-05-14 02:48:32,236 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\thumbcache.dll
2019-05-14 02:48:32,236 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
2019-05-14 02:48:32,236 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
2019-05-14 02:48:32,236 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\SensApi.dll
2019-05-14 02:48:32,236 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\SensApi.dll
2019-05-14 02:48:32,236 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00000000FF900000
2019-05-14 02:48:32,236 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00000000FF92B790
2019-05-14 02:48:32,282 [root] DEBUG: Module image dump success
2019-05-14 02:48:32,299 [root] DEBUG: DumpProcessFixImports: Found IAT - 0xff9b8ff8, size: 0x2528
2019-05-14 02:48:32,313 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF92F358
2019-05-14 02:48:32,313 [root] DEBUG: parseIAT :: API not found FF92F358
2019-05-14 02:48:32,313 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF903A20
2019-05-14 02:48:32,313 [root] DEBUG: parseIAT :: API not found FF903A20
2019-05-14 02:48:32,313 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF92F388
2019-05-14 02:48:32,313 [root] DEBUG: parseIAT :: API not found FF92F388
2019-05-14 02:48:32,313 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901184
2019-05-14 02:48:32,313 [root] DEBUG: parseIAT :: API not found FF901184
2019-05-14 02:48:32,313 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9014EC
2019-05-14 02:48:32,313 [root] DEBUG: parseIAT :: API not found FF9014EC
2019-05-14 02:48:32,313 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901590
2019-05-14 02:48:32,329 [root] DEBUG: parseIAT :: API not found FF901590
2019-05-14 02:48:32,329 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901564
2019-05-14 02:48:32,329 [root] DEBUG: parseIAT :: API not found FF901564
2019-05-14 02:48:32,329 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9015A8
2019-05-14 02:48:32,329 [root] DEBUG: parseIAT :: API not found FF9015A8
2019-05-14 02:48:32,329 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99E0EC
2019-05-14 02:48:32,329 [root] DEBUG: parseIAT :: API not found FF99E0EC
2019-05-14 02:48:32,329 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:32,329 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:32,329 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901788
2019-05-14 02:48:32,329 [root] DEBUG: parseIAT :: API not found FF901788
2019-05-14 02:48:32,345 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF934A08
2019-05-14 02:48:32,345 [root] DEBUG: parseIAT :: API not found FF934A08
2019-05-14 02:48:32,345 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF907DB0
2019-05-14 02:48:32,345 [root] DEBUG: parseIAT :: API not found FF907DB0
2019-05-14 02:48:32,345 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF907C60
2019-05-14 02:48:32,345 [root] DEBUG: parseIAT :: API not found FF907C60
2019-05-14 02:48:32,345 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90194C
2019-05-14 02:48:32,345 [root] DEBUG: parseIAT :: API not found FF90194C
2019-05-14 02:48:32,345 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9022E4
2019-05-14 02:48:32,345 [root] DEBUG: parseIAT :: API not found FF9022E4
2019-05-14 02:48:32,345 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF902354
2019-05-14 02:48:32,345 [root] DEBUG: parseIAT :: API not found FF902354
2019-05-14 02:48:32,361 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF903F80
2019-05-14 02:48:32,361 [root] DEBUG: parseIAT :: API not found FF903F80
2019-05-14 02:48:32,361 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF904510
2019-05-14 02:48:32,361 [root] DEBUG: parseIAT :: API not found FF904510
2019-05-14 02:48:32,361 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF943D00
2019-05-14 02:48:32,361 [root] DEBUG: parseIAT :: API not found FF943D00
2019-05-14 02:48:32,361 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99DA54
2019-05-14 02:48:32,361 [root] DEBUG: parseIAT :: API not found FF99DA54
2019-05-14 02:48:32,361 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99D780
2019-05-14 02:48:32,361 [root] DEBUG: parseIAT :: API not found FF99D780
2019-05-14 02:48:32,361 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF908E80
2019-05-14 02:48:32,377 [root] DEBUG: parseIAT :: API not found FF908E80
2019-05-14 02:48:32,377 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF908E50
2019-05-14 02:48:32,377 [root] DEBUG: parseIAT :: API not found FF908E50
2019-05-14 02:48:32,377 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9038EC
2019-05-14 02:48:32,377 [root] DEBUG: parseIAT :: API not found FF9038EC
2019-05-14 02:48:32,377 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF906264
2019-05-14 02:48:32,377 [root] DEBUG: parseIAT :: API not found FF906264
2019-05-14 02:48:32,377 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF936804
2019-05-14 02:48:32,377 [root] DEBUG: parseIAT :: API not found FF936804
2019-05-14 02:48:32,377 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90629C
2019-05-14 02:48:32,377 [root] DEBUG: parseIAT :: API not found FF90629C
2019-05-14 02:48:32,377 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901794
2019-05-14 02:48:32,391 [root] DEBUG: parseIAT :: API not found FF901794
2019-05-14 02:48:32,391 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF93BDC0
2019-05-14 02:48:32,391 [root] DEBUG: parseIAT :: API not found FF93BDC0
2019-05-14 02:48:32,391 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF904308
2019-05-14 02:48:32,391 [root] DEBUG: parseIAT :: API not found FF904308
2019-05-14 02:48:32,391 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF902590
2019-05-14 02:48:32,391 [root] DEBUG: parseIAT :: API not found FF902590
2019-05-14 02:48:32,391 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF945628
2019-05-14 02:48:32,391 [root] DEBUG: parseIAT :: API not found FF945628
2019-05-14 02:48:32,391 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF934B10
2019-05-14 02:48:32,391 [root] DEBUG: parseIAT :: API not found FF934B10
2019-05-14 02:48:32,407 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF902560
2019-05-14 02:48:32,407 [root] DEBUG: parseIAT :: API not found FF902560
2019-05-14 02:48:32,407 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF903960
2019-05-14 02:48:32,407 [root] DEBUG: parseIAT :: API not found FF903960
2019-05-14 02:48:32,407 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF93460C
2019-05-14 02:48:32,407 [root] DEBUG: parseIAT :: API not found FF93460C
2019-05-14 02:48:32,407 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99DC08
2019-05-14 02:48:32,407 [root] DEBUG: parseIAT :: API not found FF99DC08
2019-05-14 02:48:32,407 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99DACC
2019-05-14 02:48:32,407 [root] DEBUG: parseIAT :: API not found FF99DACC
2019-05-14 02:48:32,407 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF937E20
2019-05-14 02:48:32,423 [root] DEBUG: parseIAT :: API not found FF937E20
2019-05-14 02:48:32,423 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90392C
2019-05-14 02:48:32,423 [root] DEBUG: parseIAT :: API not found FF90392C
2019-05-14 02:48:32,423 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99DCF0
2019-05-14 02:48:32,423 [root] DEBUG: parseIAT :: API not found FF99DCF0
2019-05-14 02:48:32,423 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF945650
2019-05-14 02:48:32,423 [root] DEBUG: parseIAT :: API not found FF945650
2019-05-14 02:48:32,423 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90B068
2019-05-14 02:48:32,423 [root] DEBUG: parseIAT :: API not found FF90B068
2019-05-14 02:48:32,423 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF905E10
2019-05-14 02:48:32,423 [root] DEBUG: parseIAT :: API not found FF905E10
2019-05-14 02:48:32,423 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99DCBC
2019-05-14 02:48:32,438 [root] DEBUG: parseIAT :: API not found FF99DCBC
2019-05-14 02:48:32,438 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99DF00
2019-05-14 02:48:32,438 [root] DEBUG: parseIAT :: API not found FF99DF00
2019-05-14 02:48:32,438 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99DFCC
2019-05-14 02:48:32,438 [root] DEBUG: parseIAT :: API not found FF99DFCC
2019-05-14 02:48:32,438 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99E01C
2019-05-14 02:48:32,438 [root] DEBUG: parseIAT :: API not found FF99E01C
2019-05-14 02:48:32,438 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99E050
2019-05-14 02:48:32,438 [root] DEBUG: parseIAT :: API not found FF99E050
2019-05-14 02:48:32,438 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99E004
2019-05-14 02:48:32,438 [root] DEBUG: parseIAT :: API not found FF99E004
2019-05-14 02:48:32,438 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99E0DC
2019-05-14 02:48:32,454 [root] DEBUG: parseIAT :: API not found FF99E0DC
2019-05-14 02:48:32,454 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:32,454 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:32,454 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901788
2019-05-14 02:48:32,454 [root] DEBUG: parseIAT :: API not found FF901788
2019-05-14 02:48:32,454 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90A404
2019-05-14 02:48:32,454 [root] DEBUG: parseIAT :: API not found FF90A404
2019-05-14 02:48:32,454 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99CCB8
2019-05-14 02:48:32,454 [root] DEBUG: parseIAT :: API not found FF99CCB8
2019-05-14 02:48:32,454 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF936D14
2019-05-14 02:48:32,454 [root] DEBUG: parseIAT :: API not found FF936D14
2019-05-14 02:48:32,454 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF902A70
2019-05-14 02:48:32,470 [root] DEBUG: parseIAT :: API not found FF902A70
2019-05-14 02:48:32,470 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9380B0
2019-05-14 02:48:32,470 [root] DEBUG: parseIAT :: API not found FF9380B0
2019-05-14 02:48:32,470 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9380BC
2019-05-14 02:48:32,470 [root] DEBUG: parseIAT :: API not found FF9380BC
2019-05-14 02:48:32,470 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9380A0
2019-05-14 02:48:32,470 [root] DEBUG: parseIAT :: API not found FF9380A0
2019-05-14 02:48:32,470 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF908EB0
2019-05-14 02:48:32,470 [root] DEBUG: parseIAT :: API not found FF908EB0
2019-05-14 02:48:32,470 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90923C
2019-05-14 02:48:32,470 [root] DEBUG: parseIAT :: API not found FF90923C
2019-05-14 02:48:32,486 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9043F0
2019-05-14 02:48:32,486 [root] DEBUG: parseIAT :: API not found FF9043F0
2019-05-14 02:48:32,486 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF903A9C
2019-05-14 02:48:32,486 [root] DEBUG: parseIAT :: API not found FF903A9C
2019-05-14 02:48:32,486 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF938C70
2019-05-14 02:48:32,486 [root] DEBUG: parseIAT :: API not found FF938C70
2019-05-14 02:48:32,486 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9062C8
2019-05-14 02:48:32,486 [root] DEBUG: parseIAT :: API not found FF9062C8
2019-05-14 02:48:32,486 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901FA8
2019-05-14 02:48:32,486 [root] DEBUG: parseIAT :: API not found FF901FA8
2019-05-14 02:48:32,486 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99CCC4
2019-05-14 02:48:32,486 [root] DEBUG: parseIAT :: API not found FF99CCC4
2019-05-14 02:48:32,500 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF958978
2019-05-14 02:48:32,500 [root] DEBUG: parseIAT :: API not found FF958978
2019-05-14 02:48:32,500 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901794
2019-05-14 02:48:32,500 [root] DEBUG: parseIAT :: API not found FF901794
2019-05-14 02:48:32,500 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99CDA0
2019-05-14 02:48:32,500 [root] DEBUG: parseIAT :: API not found FF99CDA0
2019-05-14 02:48:32,500 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90ACC8
2019-05-14 02:48:32,500 [root] DEBUG: parseIAT :: API not found FF90ACC8
2019-05-14 02:48:32,500 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901324
2019-05-14 02:48:32,500 [root] DEBUG: parseIAT :: API not found FF901324
2019-05-14 02:48:32,500 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF905C6C
2019-05-14 02:48:32,500 [root] DEBUG: parseIAT :: API not found FF905C6C
2019-05-14 02:48:32,500 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99CD2C
2019-05-14 02:48:32,532 [root] DEBUG: parseIAT :: API not found FF99CD2C
2019-05-14 02:48:32,532 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF903950
2019-05-14 02:48:32,532 [root] DEBUG: parseIAT :: API not found FF903950
2019-05-14 02:48:32,532 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99CD44
2019-05-14 02:48:32,532 [root] DEBUG: parseIAT :: API not found FF99CD44
2019-05-14 02:48:32,532 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF903920
2019-05-14 02:48:32,532 [root] DEBUG: parseIAT :: API not found FF903920
2019-05-14 02:48:32,532 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99CD74
2019-05-14 02:48:32,532 [root] DEBUG: parseIAT :: API not found FF99CD74
2019-05-14 02:48:32,532 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF903938
2019-05-14 02:48:32,532 [root] DEBUG: parseIAT :: API not found FF903938
2019-05-14 02:48:32,532 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF941EC0
2019-05-14 02:48:32,532 [root] DEBUG: parseIAT :: API not found FF941EC0
2019-05-14 02:48:32,548 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF941740
2019-05-14 02:48:32,548 [root] DEBUG: parseIAT :: API not found FF941740
2019-05-14 02:48:32,548 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF94159C
2019-05-14 02:48:32,548 [root] DEBUG: parseIAT :: API not found FF94159C
2019-05-14 02:48:32,548 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9415EC
2019-05-14 02:48:32,548 [root] DEBUG: parseIAT :: API not found FF9415EC
2019-05-14 02:48:32,548 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF941998
2019-05-14 02:48:32,548 [root] DEBUG: parseIAT :: API not found FF941998
2019-05-14 02:48:32,548 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF941590
2019-05-14 02:48:32,548 [root] DEBUG: parseIAT :: API not found FF941590
2019-05-14 02:48:32,548 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF903944
2019-05-14 02:48:32,548 [root] DEBUG: parseIAT :: API not found FF903944
2019-05-14 02:48:32,548 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF941610
2019-05-14 02:48:32,563 [root] DEBUG: parseIAT :: API not found FF941610
2019-05-14 02:48:32,563 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99CE40
2019-05-14 02:48:32,563 [root] DEBUG: parseIAT :: API not found FF99CE40
2019-05-14 02:48:32,563 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99D010
2019-05-14 02:48:32,563 [root] DEBUG: parseIAT :: API not found FF99D010
2019-05-14 02:48:32,563 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99D1C4
2019-05-14 02:48:32,563 [root] DEBUG: parseIAT :: API not found FF99D1C4
2019-05-14 02:48:32,563 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99D2DC
2019-05-14 02:48:32,563 [root] DEBUG: parseIAT :: API not found FF99D2DC
2019-05-14 02:48:32,563 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99D2EC
2019-05-14 02:48:32,563 [root] DEBUG: parseIAT :: API not found FF99D2EC
2019-05-14 02:48:32,563 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9457B4
2019-05-14 02:48:32,578 [root] DEBUG: parseIAT :: API not found FF9457B4
2019-05-14 02:48:32,578 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99CCF0
2019-05-14 02:48:32,578 [root] DEBUG: parseIAT :: API not found FF99CCF0
2019-05-14 02:48:32,578 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99D45C
2019-05-14 02:48:32,578 [root] DEBUG: parseIAT :: API not found FF99D45C
2019-05-14 02:48:32,578 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99D558
2019-05-14 02:48:32,578 [root] DEBUG: parseIAT :: API not found FF99D558
2019-05-14 02:48:32,578 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99D620
2019-05-14 02:48:32,578 [root] DEBUG: parseIAT :: API not found FF99D620
2019-05-14 02:48:32,578 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF905A70
2019-05-14 02:48:32,578 [root] DEBUG: parseIAT :: API not found FF905A70
2019-05-14 02:48:32,578 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99CD0C
2019-05-14 02:48:32,578 [root] DEBUG: parseIAT :: API not found FF99CD0C
2019-05-14 02:48:32,595 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF936D98
2019-05-14 02:48:32,595 [root] DEBUG: parseIAT :: API not found FF936D98
2019-05-14 02:48:32,595 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99D498
2019-05-14 02:48:32,595 [root] DEBUG: parseIAT :: API not found FF99D498
2019-05-14 02:48:32,595 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99CD1C
2019-05-14 02:48:32,595 [root] DEBUG: parseIAT :: API not found FF99CD1C
2019-05-14 02:48:32,595 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF941D00
2019-05-14 02:48:32,595 [root] DEBUG: parseIAT :: API not found FF941D00
2019-05-14 02:48:32,595 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99D6BC
2019-05-14 02:48:32,595 [root] DEBUG: parseIAT :: API not found FF99D6BC
2019-05-14 02:48:32,595 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF936840
2019-05-14 02:48:32,595 [root] DEBUG: parseIAT :: API not found FF936840
2019-05-14 02:48:32,611 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:32,611 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:32,611 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901788
2019-05-14 02:48:32,611 [root] DEBUG: parseIAT :: API not found FF901788
2019-05-14 02:48:32,611 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF903C90
2019-05-14 02:48:32,611 [root] DEBUG: parseIAT :: API not found FF903C90
2019-05-14 02:48:32,611 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF907D98
2019-05-14 02:48:32,611 [root] DEBUG: parseIAT :: API not found FF907D98
2019-05-14 02:48:32,611 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9017E8
2019-05-14 02:48:32,611 [root] DEBUG: parseIAT :: API not found FF9017E8
2019-05-14 02:48:32,611 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90A5B0
2019-05-14 02:48:32,611 [root] DEBUG: parseIAT :: API not found FF90A5B0
2019-05-14 02:48:32,611 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF905C84
2019-05-14 02:48:32,625 [root] DEBUG: parseIAT :: API not found FF905C84
2019-05-14 02:48:32,625 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90B220
2019-05-14 02:48:32,625 [root] DEBUG: parseIAT :: API not found FF90B220
2019-05-14 02:48:32,625 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90688C
2019-05-14 02:48:32,625 [root] DEBUG: parseIAT :: API not found FF90688C
2019-05-14 02:48:32,625 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9076C8
2019-05-14 02:48:32,625 [root] DEBUG: parseIAT :: API not found FF9076C8
2019-05-14 02:48:32,625 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF903AA8
2019-05-14 02:48:32,625 [root] DEBUG: parseIAT :: API not found FF903AA8
2019-05-14 02:48:32,625 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF905B10
2019-05-14 02:48:32,625 [root] DEBUG: parseIAT :: API not found FF905B10
2019-05-14 02:48:32,625 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF905DC0
2019-05-14 02:48:32,625 [root] DEBUG: parseIAT :: API not found FF905DC0
2019-05-14 02:48:32,641 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9075B0
2019-05-14 02:48:32,641 [root] DEBUG: parseIAT :: API not found FF9075B0
2019-05-14 02:48:32,641 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9579CC
2019-05-14 02:48:32,641 [root] DEBUG: parseIAT :: API not found FF9579CC
2019-05-14 02:48:32,641 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9579EC
2019-05-14 02:48:32,641 [root] DEBUG: parseIAT :: API not found FF9579EC
2019-05-14 02:48:32,641 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90AB68
2019-05-14 02:48:32,641 [root] DEBUG: parseIAT :: API not found FF90AB68
2019-05-14 02:48:32,641 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF905460
2019-05-14 02:48:32,641 [root] DEBUG: parseIAT :: API not found FF905460
2019-05-14 02:48:32,641 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF903D34
2019-05-14 02:48:32,657 [root] DEBUG: parseIAT :: API not found FF903D34
2019-05-14 02:48:32,657 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF907680
2019-05-14 02:48:32,657 [root] DEBUG: parseIAT :: API not found FF907680
2019-05-14 02:48:32,657 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AE02C
2019-05-14 02:48:32,657 [root] DEBUG: parseIAT :: API not found FF9AE02C
2019-05-14 02:48:32,657 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9370D8
2019-05-14 02:48:32,657 [root] DEBUG: parseIAT :: API not found FF9370D8
2019-05-14 02:48:32,657 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AD840
2019-05-14 02:48:32,657 [root] DEBUG: parseIAT :: API not found FF9AD840
2019-05-14 02:48:32,657 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9245D4
2019-05-14 02:48:32,657 [root] DEBUG: parseIAT :: API not found FF9245D4
2019-05-14 02:48:32,657 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9245C0
2019-05-14 02:48:32,657 [root] DEBUG: parseIAT :: API not found FF9245C0
2019-05-14 02:48:32,673 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AD8C8
2019-05-14 02:48:32,673 [root] DEBUG: parseIAT :: API not found FF9AD8C8
2019-05-14 02:48:32,673 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF944748
2019-05-14 02:48:32,673 [root] DEBUG: parseIAT :: API not found FF944748
2019-05-14 02:48:32,673 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF944190
2019-05-14 02:48:32,673 [root] DEBUG: parseIAT :: API not found FF944190
2019-05-14 02:48:32,673 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF94533C
2019-05-14 02:48:32,673 [root] DEBUG: parseIAT :: API not found FF94533C
2019-05-14 02:48:32,673 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9457C0
2019-05-14 02:48:32,673 [root] DEBUG: parseIAT :: API not found FF9457C0
2019-05-14 02:48:32,673 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF942BE0
2019-05-14 02:48:32,673 [root] DEBUG: parseIAT :: API not found FF942BE0
2019-05-14 02:48:32,673 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9049D8
2019-05-14 02:48:32,688 [root] DEBUG: parseIAT :: API not found FF9049D8
2019-05-14 02:48:32,688 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9366D4
2019-05-14 02:48:32,688 [root] DEBUG: parseIAT :: API not found FF9366D4
2019-05-14 02:48:32,688 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AD970
2019-05-14 02:48:32,688 [root] DEBUG: parseIAT :: API not found FF9AD970
2019-05-14 02:48:32,688 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90B88C
2019-05-14 02:48:32,688 [root] DEBUG: parseIAT :: API not found FF90B88C
2019-05-14 02:48:32,688 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF958F90
2019-05-14 02:48:32,688 [root] DEBUG: parseIAT :: API not found FF958F90
2019-05-14 02:48:32,688 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9ADA00
2019-05-14 02:48:32,688 [root] DEBUG: parseIAT :: API not found FF9ADA00
2019-05-14 02:48:32,688 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9063CC
2019-05-14 02:48:32,703 [root] DEBUG: parseIAT :: API not found FF9063CC
2019-05-14 02:48:32,703 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF906080
2019-05-14 02:48:32,703 [root] DEBUG: parseIAT :: API not found FF906080
2019-05-14 02:48:32,703 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AE1A4
2019-05-14 02:48:32,703 [root] DEBUG: parseIAT :: API not found FF9AE1A4
2019-05-14 02:48:32,703 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF942F78
2019-05-14 02:48:32,703 [root] DEBUG: parseIAT :: API not found FF942F78
2019-05-14 02:48:32,703 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901860
2019-05-14 02:48:32,703 [root] DEBUG: parseIAT :: API not found FF901860
2019-05-14 02:48:32,703 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF902020
2019-05-14 02:48:32,720 [root] DEBUG: parseIAT :: API not found FF902020
2019-05-14 02:48:32,720 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AE04C
2019-05-14 02:48:32,720 [root] DEBUG: parseIAT :: API not found FF9AE04C
2019-05-14 02:48:32,720 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AE068
2019-05-14 02:48:32,720 [root] DEBUG: parseIAT :: API not found FF9AE068
2019-05-14 02:48:32,720 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AE0D8
2019-05-14 02:48:32,720 [root] DEBUG: parseIAT :: API not found FF9AE0D8
2019-05-14 02:48:32,720 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF908D40
2019-05-14 02:48:32,720 [root] DEBUG: parseIAT :: API not found FF908D40
2019-05-14 02:48:32,720 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:32,734 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:32,734 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901788
2019-05-14 02:48:32,734 [root] DEBUG: parseIAT :: API not found FF901788
2019-05-14 02:48:32,734 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9017E8
2019-05-14 02:48:32,734 [root] DEBUG: parseIAT :: API not found FF9017E8
2019-05-14 02:48:32,734 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF908EB0
2019-05-14 02:48:32,734 [root] DEBUG: parseIAT :: API not found FF908EB0
2019-05-14 02:48:32,734 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9042FC
2019-05-14 02:48:32,734 [root] DEBUG: parseIAT :: API not found FF9042FC
2019-05-14 02:48:32,734 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90B3AC
2019-05-14 02:48:32,734 [root] DEBUG: parseIAT :: API not found FF90B3AC
2019-05-14 02:48:32,734 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF986570
2019-05-14 02:48:32,734 [root] DEBUG: parseIAT :: API not found FF986570
2019-05-14 02:48:32,750 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,750 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,750 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901760
2019-05-14 02:48:32,750 [root] DEBUG: parseIAT :: API not found FF901760
2019-05-14 02:48:32,750 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99CA60
2019-05-14 02:48:32,750 [root] DEBUG: parseIAT :: API not found FF99CA60
2019-05-14 02:48:32,750 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90A3EC
2019-05-14 02:48:32,750 [root] DEBUG: parseIAT :: API not found FF90A3EC
2019-05-14 02:48:32,750 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,750 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,750 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901760
2019-05-14 02:48:32,750 [root] DEBUG: parseIAT :: API not found FF901760
2019-05-14 02:48:32,766 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90AE50
2019-05-14 02:48:32,766 [root] DEBUG: parseIAT :: API not found FF90AE50
2019-05-14 02:48:32,766 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF934860
2019-05-14 02:48:32,766 [root] DEBUG: parseIAT :: API not found FF934860
2019-05-14 02:48:32,766 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,766 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,766 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901760
2019-05-14 02:48:32,766 [root] DEBUG: parseIAT :: API not found FF901760
2019-05-14 02:48:32,766 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF93440C
2019-05-14 02:48:32,766 [root] DEBUG: parseIAT :: API not found FF93440C
2019-05-14 02:48:32,766 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901AAC
2019-05-14 02:48:32,766 [root] DEBUG: parseIAT :: API not found FF901AAC
2019-05-14 02:48:32,782 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,782 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,782 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901760
2019-05-14 02:48:32,782 [root] DEBUG: parseIAT :: API not found FF901760
2019-05-14 02:48:32,782 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901A2C
2019-05-14 02:48:32,782 [root] DEBUG: parseIAT :: API not found FF901A2C
2019-05-14 02:48:32,782 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF93684C
2019-05-14 02:48:32,782 [root] DEBUG: parseIAT :: API not found FF93684C
2019-05-14 02:48:32,782 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,782 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,782 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901760
2019-05-14 02:48:32,782 [root] DEBUG: parseIAT :: API not found FF901760
2019-05-14 02:48:32,798 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF934500
2019-05-14 02:48:32,798 [root] DEBUG: parseIAT :: API not found FF934500
2019-05-14 02:48:32,798 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF908D50
2019-05-14 02:48:32,798 [root] DEBUG: parseIAT :: API not found FF908D50
2019-05-14 02:48:32,798 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,798 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,798 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901760
2019-05-14 02:48:32,798 [root] DEBUG: parseIAT :: API not found FF901760
2019-05-14 02:48:32,798 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90B50C
2019-05-14 02:48:32,798 [root] DEBUG: parseIAT :: API not found FF90B50C
2019-05-14 02:48:32,798 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AF0C0
2019-05-14 02:48:32,812 [root] DEBUG: parseIAT :: API not found FF9AF0C0
2019-05-14 02:48:32,812 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,812 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,812 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901760
2019-05-14 02:48:32,812 [root] DEBUG: parseIAT :: API not found FF901760
2019-05-14 02:48:32,812 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AEFF8
2019-05-14 02:48:32,812 [root] DEBUG: parseIAT :: API not found FF9AEFF8
2019-05-14 02:48:32,812 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B5E5C
2019-05-14 02:48:32,812 [root] DEBUG: parseIAT :: API not found FF9B5E5C
2019-05-14 02:48:32,812 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,828 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,828 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B5E74
2019-05-14 02:48:32,828 [root] DEBUG: parseIAT :: API not found FF9B5E74
2019-05-14 02:48:32,828 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B5E9C
2019-05-14 02:48:32,828 [root] DEBUG: parseIAT :: API not found FF9B5E9C
2019-05-14 02:48:32,828 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B5EBC
2019-05-14 02:48:32,828 [root] DEBUG: parseIAT :: API not found FF9B5EBC
2019-05-14 02:48:32,828 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B5EE4
2019-05-14 02:48:32,828 [root] DEBUG: parseIAT :: API not found FF9B5EE4
2019-05-14 02:48:32,828 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B5EF4
2019-05-14 02:48:32,828 [root] DEBUG: parseIAT :: API not found FF9B5EF4
2019-05-14 02:48:32,845 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B5F04
2019-05-14 02:48:32,845 [root] DEBUG: parseIAT :: API not found FF9B5F04
2019-05-14 02:48:32,845 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B5F18
2019-05-14 02:48:32,845 [root] DEBUG: parseIAT :: API not found FF9B5F18
2019-05-14 02:48:32,845 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF986570
2019-05-14 02:48:32,845 [root] DEBUG: parseIAT :: API not found FF986570
2019-05-14 02:48:32,845 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,845 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,845 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF98A554
2019-05-14 02:48:32,845 [root] DEBUG: parseIAT :: API not found FF98A554
2019-05-14 02:48:32,845 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF994D48
2019-05-14 02:48:32,859 [root] DEBUG: parseIAT :: API not found FF994D48
2019-05-14 02:48:32,859 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9018A8
2019-05-14 02:48:32,859 [root] DEBUG: parseIAT :: API not found FF9018A8
2019-05-14 02:48:32,859 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,859 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,859 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901874
2019-05-14 02:48:32,859 [root] DEBUG: parseIAT :: API not found FF901874
2019-05-14 02:48:32,859 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF91B6E8
2019-05-14 02:48:32,859 [root] DEBUG: parseIAT :: API not found FF91B6E8
2019-05-14 02:48:32,859 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF954BC8
2019-05-14 02:48:32,859 [root] DEBUG: parseIAT :: API not found FF954BC8
2019-05-14 02:48:32,875 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,875 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,875 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901874
2019-05-14 02:48:32,875 [root] DEBUG: parseIAT :: API not found FF901874
2019-05-14 02:48:32,875 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9554D8
2019-05-14 02:48:32,875 [root] DEBUG: parseIAT :: API not found FF9554D8
2019-05-14 02:48:32,875 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF994E08
2019-05-14 02:48:32,875 [root] DEBUG: parseIAT :: API not found FF994E08
2019-05-14 02:48:32,875 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,875 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,875 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901874
2019-05-14 02:48:32,891 [root] DEBUG: parseIAT :: API not found FF901874
2019-05-14 02:48:32,891 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF994D48
2019-05-14 02:48:32,891 [root] DEBUG: parseIAT :: API not found FF994D48
2019-05-14 02:48:32,891 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9593B4
2019-05-14 02:48:32,891 [root] DEBUG: parseIAT :: API not found FF9593B4
2019-05-14 02:48:32,891 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,891 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,891 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901874
2019-05-14 02:48:32,891 [root] DEBUG: parseIAT :: API not found FF901874
2019-05-14 02:48:32,891 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9399F0
2019-05-14 02:48:32,891 [root] DEBUG: parseIAT :: API not found FF9399F0
2019-05-14 02:48:32,907 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF954B34
2019-05-14 02:48:32,907 [root] DEBUG: parseIAT :: API not found FF954B34
2019-05-14 02:48:32,907 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,907 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,907 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901874
2019-05-14 02:48:32,907 [root] DEBUG: parseIAT :: API not found FF901874
2019-05-14 02:48:32,907 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9556B0
2019-05-14 02:48:32,907 [root] DEBUG: parseIAT :: API not found FF9556B0
2019-05-14 02:48:32,907 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF952580
2019-05-14 02:48:32,907 [root] DEBUG: parseIAT :: API not found FF952580
2019-05-14 02:48:32,907 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,907 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,923 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF94E334
2019-05-14 02:48:32,923 [root] DEBUG: parseIAT :: API not found FF94E334
2019-05-14 02:48:32,923 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF952AF8
2019-05-14 02:48:32,923 [root] DEBUG: parseIAT :: API not found FF952AF8
2019-05-14 02:48:32,923 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF953104
2019-05-14 02:48:32,923 [root] DEBUG: parseIAT :: API not found FF953104
2019-05-14 02:48:32,923 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF953460
2019-05-14 02:48:32,923 [root] DEBUG: parseIAT :: API not found FF953460
2019-05-14 02:48:32,923 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90E288
2019-05-14 02:48:32,923 [root] DEBUG: parseIAT :: API not found FF90E288
2019-05-14 02:48:32,923 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,923 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,937 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901874
2019-05-14 02:48:32,937 [root] DEBUG: parseIAT :: API not found FF901874
2019-05-14 02:48:32,937 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF939DB8
2019-05-14 02:48:32,937 [root] DEBUG: parseIAT :: API not found FF939DB8
2019-05-14 02:48:32,937 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF953EA8
2019-05-14 02:48:32,937 [root] DEBUG: parseIAT :: API not found FF953EA8
2019-05-14 02:48:32,937 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901728
2019-05-14 02:48:32,937 [root] DEBUG: parseIAT :: API not found FF901728
2019-05-14 02:48:32,937 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF94E3CC
2019-05-14 02:48:32,937 [root] DEBUG: parseIAT :: API not found FF94E3CC
2019-05-14 02:48:32,937 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF997070
2019-05-14 02:48:32,937 [root] DEBUG: parseIAT :: API not found FF997070
2019-05-14 02:48:32,953 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF94E368
2019-05-14 02:48:32,953 [root] DEBUG: parseIAT :: API not found FF94E368
2019-05-14 02:48:32,953 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99E0CC
2019-05-14 02:48:32,953 [root] DEBUG: parseIAT :: API not found FF99E0CC
2019-05-14 02:48:32,953 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:32,953 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:32,953 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901788
2019-05-14 02:48:32,953 [root] DEBUG: parseIAT :: API not found FF901788
2019-05-14 02:48:32,953 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9019EC
2019-05-14 02:48:32,953 [root] DEBUG: parseIAT :: API not found FF9019EC
2019-05-14 02:48:32,953 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF99E0BC
2019-05-14 02:48:32,969 [root] DEBUG: parseIAT :: API not found FF99E0BC
2019-05-14 02:48:32,969 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B041C
2019-05-14 02:48:32,969 [root] DEBUG: parseIAT :: API not found FF9B041C
2019-05-14 02:48:32,969 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:32,969 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:32,969 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF901788
2019-05-14 02:48:32,969 [root] DEBUG: parseIAT :: API not found FF901788
2019-05-14 02:48:32,969 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AF0D8
2019-05-14 02:48:32,969 [root] DEBUG: parseIAT :: API not found FF9AF0D8
2019-05-14 02:48:32,969 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AF6AC
2019-05-14 02:48:32,969 [root] DEBUG: parseIAT :: API not found FF9AF6AC
2019-05-14 02:48:32,969 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AF328
2019-05-14 02:48:32,984 [root] DEBUG: parseIAT :: API not found FF9AF328
2019-05-14 02:48:32,984 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AF6F0
2019-05-14 02:48:32,984 [root] DEBUG: parseIAT :: API not found FF9AF6F0
2019-05-14 02:48:32,984 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AF7D8
2019-05-14 02:48:32,984 [root] DEBUG: parseIAT :: API not found FF9AF7D8
2019-05-14 02:48:32,984 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AFCCC
2019-05-14 02:48:32,984 [root] DEBUG: parseIAT :: API not found FF9AFCCC
2019-05-14 02:48:32,984 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AFDEC
2019-05-14 02:48:32,984 [root] DEBUG: parseIAT :: API not found FF9AFDEC
2019-05-14 02:48:32,984 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AFE84
2019-05-14 02:48:32,984 [root] DEBUG: parseIAT :: API not found FF9AFE84
2019-05-14 02:48:32,984 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AFE9C
2019-05-14 02:48:33,000 [root] DEBUG: parseIAT :: API not found FF9AFE9C
2019-05-14 02:48:33,000 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AEE8C
2019-05-14 02:48:33,000 [root] DEBUG: parseIAT :: API not found FF9AEE8C
2019-05-14 02:48:33,000 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AF848
2019-05-14 02:48:33,000 [root] DEBUG: parseIAT :: API not found FF9AF848
2019-05-14 02:48:33,000 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AF878
2019-05-14 02:48:33,000 [root] DEBUG: parseIAT :: API not found FF9AF878
2019-05-14 02:48:33,000 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AFBB0
2019-05-14 02:48:33,000 [root] DEBUG: parseIAT :: API not found FF9AFBB0
2019-05-14 02:48:33,000 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AF8A8
2019-05-14 02:48:33,000 [root] DEBUG: parseIAT :: API not found FF9AF8A8
2019-05-14 02:48:33,000 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AFA6C
2019-05-14 02:48:33,016 [root] DEBUG: parseIAT :: API not found FF9AFA6C
2019-05-14 02:48:33,016 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AFA84
2019-05-14 02:48:33,016 [root] DEBUG: parseIAT :: API not found FF9AFA84
2019-05-14 02:48:33,016 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AFB64
2019-05-14 02:48:33,016 [root] DEBUG: parseIAT :: API not found FF9AFB64
2019-05-14 02:48:33,016 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AEEA8
2019-05-14 02:48:33,016 [root] DEBUG: parseIAT :: API not found FF9AEEA8
2019-05-14 02:48:33,016 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AEE98
2019-05-14 02:48:33,016 [root] DEBUG: parseIAT :: API not found FF9AEE98
2019-05-14 02:48:33,016 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AEEB8
2019-05-14 02:48:33,016 [root] DEBUG: parseIAT :: API not found FF9AEEB8
2019-05-14 02:48:33,016 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B03D0
2019-05-14 02:48:33,032 [root] DEBUG: parseIAT :: API not found FF9B03D0
2019-05-14 02:48:33,032 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AEEC4
2019-05-14 02:48:33,032 [root] DEBUG: parseIAT :: API not found FF9AEEC4
2019-05-14 02:48:33,032 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AEED0
2019-05-14 02:48:33,032 [root] DEBUG: parseIAT :: API not found FF9AEED0
2019-05-14 02:48:33,032 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AEEE4
2019-05-14 02:48:33,032 [root] DEBUG: parseIAT :: API not found FF9AEEE4
2019-05-14 02:48:33,032 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AFEDC
2019-05-14 02:48:33,032 [root] DEBUG: parseIAT :: API not found FF9AFEDC
2019-05-14 02:48:33,032 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AEEF0
2019-05-14 02:48:33,032 [root] DEBUG: parseIAT :: API not found FF9AEEF0
2019-05-14 02:48:33,032 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B0244
2019-05-14 02:48:33,046 [root] DEBUG: parseIAT :: API not found FF9B0244
2019-05-14 02:48:33,046 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B02BC
2019-05-14 02:48:33,046 [root] DEBUG: parseIAT :: API not found FF9B02BC
2019-05-14 02:48:33,046 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9B0344
2019-05-14 02:48:33,046 [root] DEBUG: parseIAT :: API not found FF9B0344
2019-05-14 02:48:33,046 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AEEFC
2019-05-14 02:48:33,046 [root] DEBUG: parseIAT :: API not found FF9AEEFC
2019-05-14 02:48:33,046 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9AEF08
2019-05-14 02:48:33,046 [root] DEBUG: parseIAT :: API not found FF9AEF08
2019-05-14 02:48:33,046 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9018C0
2019-05-14 02:48:33,046 [root] DEBUG: parseIAT :: API not found FF9018C0
2019-05-14 02:48:33,062 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:33,062 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:33,062 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90189C
2019-05-14 02:48:33,062 [root] DEBUG: parseIAT :: API not found FF90189C
2019-05-14 02:48:33,062 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9018CC
2019-05-14 02:48:33,062 [root] DEBUG: parseIAT :: API not found FF9018CC
2019-05-14 02:48:33,062 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90BBB8
2019-05-14 02:48:33,062 [root] DEBUG: parseIAT :: API not found FF90BBB8
2019-05-14 02:48:33,062 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90BBB8
2019-05-14 02:48:33,078 [root] DEBUG: parseIAT :: API not found FF90BBB8
2019-05-14 02:48:33,078 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90BBB8
2019-05-14 02:48:33,078 [root] DEBUG: parseIAT :: API not found FF90BBB8
2019-05-14 02:48:33,078 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90BBB8
2019-05-14 02:48:33,078 [root] DEBUG: parseIAT :: API not found FF90BBB8
2019-05-14 02:48:33,078 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF94B6EC
2019-05-14 02:48:33,078 [root] DEBUG: parseIAT :: API not found FF94B6EC
2019-05-14 02:48:33,078 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9591F0
2019-05-14 02:48:33,078 [root] DEBUG: parseIAT :: API not found FF9591F0
2019-05-14 02:48:33,078 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90BBB8
2019-05-14 02:48:33,078 [root] DEBUG: parseIAT :: API not found FF90BBB8
2019-05-14 02:48:33,094 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF954BBC
2019-05-14 02:48:33,094 [root] DEBUG: parseIAT :: API not found FF954BBC
2019-05-14 02:48:33,094 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:33,094 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:33,094 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90189C
2019-05-14 02:48:33,094 [root] DEBUG: parseIAT :: API not found FF90189C
2019-05-14 02:48:33,094 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9549E0
2019-05-14 02:48:33,094 [root] DEBUG: parseIAT :: API not found FF9549E0
2019-05-14 02:48:33,094 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF994EB4
2019-05-14 02:48:33,094 [root] DEBUG: parseIAT :: API not found FF994EB4
2019-05-14 02:48:33,109 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:33,109 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:33,109 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90189C
2019-05-14 02:48:33,109 [root] DEBUG: parseIAT :: API not found FF90189C
2019-05-14 02:48:33,109 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF994B70
2019-05-14 02:48:33,109 [root] DEBUG: parseIAT :: API not found FF994B70
2019-05-14 02:48:33,109 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF994EB4
2019-05-14 02:48:33,109 [root] DEBUG: parseIAT :: API not found FF994EB4
2019-05-14 02:48:33,109 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:33,109 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:33,109 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90189C
2019-05-14 02:48:33,125 [root] DEBUG: parseIAT :: API not found FF90189C
2019-05-14 02:48:33,125 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF994D74
2019-05-14 02:48:33,125 [root] DEBUG: parseIAT :: API not found FF994D74
2019-05-14 02:48:33,125 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF994EB4
2019-05-14 02:48:33,125 [root] DEBUG: parseIAT :: API not found FF994EB4
2019-05-14 02:48:33,125 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:33,125 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:33,125 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90189C
2019-05-14 02:48:33,125 [root] DEBUG: parseIAT :: API not found FF90189C
2019-05-14 02:48:33,125 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF994E20
2019-05-14 02:48:33,141 [root] DEBUG: parseIAT :: API not found FF994E20
2019-05-14 02:48:33,141 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF9593A8
2019-05-14 02:48:33,141 [root] DEBUG: parseIAT :: API not found FF9593A8
2019-05-14 02:48:33,141 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:33,141 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:33,141 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90189C
2019-05-14 02:48:33,141 [root] DEBUG: parseIAT :: API not found FF90189C
2019-05-14 02:48:33,141 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF950400
2019-05-14 02:48:33,141 [root] DEBUG: parseIAT :: API not found FF950400
2019-05-14 02:48:33,141 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF954B28
2019-05-14 02:48:33,141 [root] DEBUG: parseIAT :: API not found FF954B28
2019-05-14 02:48:33,141 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:33,157 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:33,157 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90189C
2019-05-14 02:48:33,157 [root] DEBUG: parseIAT :: API not found FF90189C
2019-05-14 02:48:33,157 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF954B4C
2019-05-14 02:48:33,157 [root] DEBUG: parseIAT :: API not found FF954B4C
2019-05-14 02:48:33,157 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF959194
2019-05-14 02:48:33,157 [root] DEBUG: parseIAT :: API not found FF959194
2019-05-14 02:48:33,157 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90173C
2019-05-14 02:48:33,157 [root] DEBUG: parseIAT :: API not found FF90173C
2019-05-14 02:48:33,157 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF90189C
2019-05-14 02:48:33,157 [root] DEBUG: parseIAT :: API not found FF90189C
2019-05-14 02:48:33,157 [root] DEBUG: getApiByVirtualAddress :: No Api found 00000000FF946B20
2019-05-14 02:48:33,171 [root] DEBUG: parseIAT :: API not found FF946B20
2019-05-14 02:48:33,171 [root] DEBUG: parseIAT :: API not found 00020400
2019-05-14 02:48:33,171 [root] DEBUG: IAT parsing finished, found 850 valid APIs, missed 315 APIs
2019-05-14 02:48:33,171 [root] DEBUG: Adding module to module list: advapi32.dll
2019-05-14 02:48:33,171 [root] DEBUG: Adding module to module list: kernel32.dll
2019-05-14 02:48:33,171 [root] DEBUG: Adding module to module list: gdi32.dll
2019-05-14 02:48:33,171 [root] DEBUG: Adding module to module list: user32.dll
2019-05-14 02:48:33,171 [root] DEBUG: Adding module to module list: msvcrt.dll
2019-05-14 02:48:33,171 [root] DEBUG: Adding module to module list: ntdll.dll
2019-05-14 02:48:33,171 [root] DEBUG: Adding module to module list: advapi32.dll
2019-05-14 02:48:33,171 [root] DEBUG: Adding module to module list: ntdll.dll
2019-05-14 02:48:33,171 [root] DEBUG: Adding module to module list: shlwapi.dll
2019-05-14 02:48:33,171 [root] DEBUG: Adding module to module list: shell32.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: shlwapi.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: shell32.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: ole32.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: oleaut32.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: ExplorerFrame.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: uxtheme.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: powrprof.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: dwmapi.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: slc.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: GdiPlus.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: secur32.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: rpcrt4.dll
2019-05-14 02:48:33,187 [root] DEBUG: Adding module to module list: propsys.dll
2019-05-14 02:48:33,203 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,203 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,203 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,203 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,203 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,203 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,203 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,203 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,203 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,203 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,203 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,203 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,219 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,219 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,219 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,219 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,219 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,219 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,219 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,219 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,219 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,219 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,219 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,219 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,234 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,234 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,234 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,234 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,234 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,234 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,234 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,234 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,234 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,234 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,234 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,234 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,250 [root] INFO: Waiting for process 1632 to exit.
2019-05-14 02:48:33,250 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,250 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,250 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,250 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,250 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,250 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,250 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,250 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,250 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,250 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,250 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,266 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,266 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,266 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,266 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,266 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,266 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,266 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,266 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,266 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,266 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,266 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,266 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,280 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,280 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,280 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,280 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,280 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,280 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,280 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,280 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,280 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,280 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,280 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,296 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,296 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,296 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,296 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,296 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,296 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,296 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,296 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,296 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,296 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,296 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,296 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,312 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,312 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,312 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,312 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,312 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,312 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,312 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,312 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,312 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,312 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,312 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,312 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,328 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,344 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,358 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,375 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,391 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,405 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,405 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,405 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,405 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,405 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,405 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,405 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,405 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,405 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,405 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,421 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,437 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,437 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,437 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,437 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,437 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,437 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,437 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,437 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,437 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,437 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,437 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,453 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,453 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,453 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,453 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,453 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,453 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,453 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,453 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,453 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,453 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,453 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,453 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,469 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,469 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,469 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,469 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,469 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,469 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,469 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,469 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,469 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,469 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,469 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,469 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,483 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,483 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,483 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,483 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,483 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,483 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,483 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,483 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,483 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,483 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,483 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,483 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,500 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,500 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,500 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,500 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,500 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,500 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,500 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,500 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,500 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,500 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,500 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,500 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,515 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,515 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,515 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,515 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,515 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,515 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,515 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,515 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,515 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,515 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,515 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,530 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,546 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,562 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,562 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,562 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,562 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,562 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,562 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,562 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,562 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,562 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,562 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,562 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,562 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,578 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,578 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,578 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,578 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,578 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,578 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,578 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,578 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,578 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,578 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,578 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,578 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,592 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,592 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,592 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,592 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,592 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,592 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,592 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,592 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,592 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,592 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,592 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,608 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,608 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,608 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,608 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,608 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,608 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,608 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,608 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,608 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,608 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,608 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,608 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,625 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,625 [root] DEBUG: API not found - added to module list.
2019-05-14 02:48:33,625 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2019-05-14 02:48:33,625 [root] DEBUG: Invalid PE file: import table rebuild failed.
2019-05-14 02:48:33,625 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2019-05-14 02:48:33,671 [root] INFO: Added new CAPE file to list with path: C:\QImXTY\CAPE\1632_14832384003348114252019
2019-05-14 02:48:34,263 [lib.api.process] INFO: Successfully terminated process with pid 1632.
2019-05-14 02:48:34,263 [root] INFO: Waiting for process 1632 to exit.
2019-05-14 02:48:35,278 [root] INFO: Shutting down package.
2019-05-14 02:48:35,278 [lib.api.process] WARNING: Unable to find process dump for process 2040.
2019-05-14 02:48:35,278 [lib.api.process] WARNING: Unable to find process dump for process 972.
2019-05-14 02:48:35,309 [lib.api.process] WARNING: Upload of memory dump for process 1632 failed.
2019-05-14 02:48:35,309 [root] INFO: Stopping auxiliary modules.
2019-05-14 02:48:35,325 [root] INFO: Finishing auxiliary modules.
2019-05-14 02:48:35,325 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-05-14 02:48:35,325 [root] WARNING: File at path "C:\QImXTY\debugger" does not exist, skip.
2019-05-14 02:48:35,325 [root] INFO: Analysis completed.

MalScore

4.0

Suspicious

Machine

Name Label Manager Started On Shutdown On
target-01 target-01 ESX 2019-05-14 01:44:58 2019-05-14 01:48:49

URL Details

URL
https://unimelbcloud-my.sharepoint.com/:b:/g/personal/naly_unimelb_edu_au/EYw-XWbM4-tMoE2FOlEOtWgB9khJeFEfSWL7i_oYjpUxqw?e=4%3aex2Jg5&at=9

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction
Dynamic (imported) function loading detected
DynamicLoader: iphlpapi.DLL/GetAdaptersAddresses
DynamicLoader: DHCPCSVC.DLL/DhcpRequestParams
DynamicLoader: comctl32.dll/LoadIconWithScaleDown
DynamicLoader: IEUI.dll/InitGadgets
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/SetProcessDEPPolicy
DynamicLoader: USER32.dll/SetProcessDPIAware
DynamicLoader: SHELL32.dll/SetCurrentProcessExplicitAppUserModelID
DynamicLoader: USER32.dll/GetShellWindow
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: IEFRAME.dll/
DynamicLoader: kernel32.dll/WerSetFlags
DynamicLoader: comctl32.dll/PropertySheetW
DynamicLoader: comctl32.dll/PropertySheetA
DynamicLoader: comdlg32.dll/PageSetupDlgW
DynamicLoader: comdlg32.dll/PrintDlgW
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: IEShims.dll/IEShims_Initialize
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: USER32.dll/SetWindowsHookExW
DynamicLoader: USER32.dll/FindWindowExA
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: kernel32.dll/CreateProcessW
DynamicLoader: kernel32.dll/CreateProcessA
DynamicLoader: ADVAPI32.dll/RegQueryValueA
DynamicLoader: ntdll.dll/LdrRegisterDllNotification
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: kernel32.dll/WerRegisterMemoryBlock
DynamicLoader: kernel32.dll/WerUnregisterMemoryBlock
DynamicLoader: USER32.dll/RegisterWindowMessageW
DynamicLoader: RPCRT4.dll/RpcServerUseProtseqW
DynamicLoader: RPCRT4.dll/RpcServerRegisterIfEx
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: RPCRT4.dll/RpcServerInqBindings
DynamicLoader: RPCRT4.dll/RpcEpRegisterW
DynamicLoader: RPCRT4.dll/RpcServerListen
DynamicLoader: SHELL32.dll/SHGetInstanceExplorer
DynamicLoader: USER32.dll/RegisterClassExW
DynamicLoader: USER32.dll/CreateWindowExW
DynamicLoader: USER32.dll/DefWindowProcW
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: USER32.dll/MsgWaitForMultipleObjectsEx
DynamicLoader: urlmon.dll/
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: ADVAPI32.dll/TraceMessage
DynamicLoader: ADVAPI32.dll/TraceMessageVa
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: sqmapi.dll/SqmGetSession
DynamicLoader: sqmapi.dll/SqmEndSession
DynamicLoader: sqmapi.dll/SqmStartSession
DynamicLoader: sqmapi.dll/SqmStartUpload
DynamicLoader: sqmapi.dll/SqmWaitForUploadComplete
DynamicLoader: sqmapi.dll/SqmSet
DynamicLoader: sqmapi.dll/SqmSetBool
DynamicLoader: sqmapi.dll/SqmSetBits
DynamicLoader: sqmapi.dll/SqmSetString
DynamicLoader: sqmapi.dll/SqmIncrement
DynamicLoader: sqmapi.dll/SqmSetIfMax
DynamicLoader: sqmapi.dll/SqmSetIfMin
DynamicLoader: sqmapi.dll/SqmAddToAverage
DynamicLoader: sqmapi.dll/SqmAddToStreamDWord
DynamicLoader: sqmapi.dll/SqmAddToStreamString
DynamicLoader: sqmapi.dll/SqmSetAppId
DynamicLoader: sqmapi.dll/SqmSetAppVersion
DynamicLoader: sqmapi.dll/SqmSetMachineId
DynamicLoader: sqmapi.dll/SqmSetUserId
DynamicLoader: sqmapi.dll/SqmCreateNewId
DynamicLoader: sqmapi.dll/SqmReadSharedMachineId
DynamicLoader: sqmapi.dll/SqmReadSharedUserId
DynamicLoader: sqmapi.dll/SqmWriteSharedMachineId
DynamicLoader: sqmapi.dll/SqmWriteSharedUserId
DynamicLoader: sqmapi.dll/SqmIsWindowsOptedIn
DynamicLoader: ADVAPI32.dll/OpenThreadToken
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: sechost.dll/ConvertSidToStringSidW
Stack pivoting was detected when using a critical API
process: iexplore.exe:972

Screenshots


Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E3939344-75E9-11E9-8662-000C2940B9FB}.dat
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Windows\SysWOW64\shell32.dll
\Device\KsecDD
C:\Program Files (x86)\Internet Explorer\sqmapi.dll
C:\Users\user\Favorites
C:\
C:\Users
C:\Users\user\AppData\Local\Microsoft\Windows\Caches
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
\??\MountPointManager
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
C:\Users\desktop.ini
C:\Users\user
C:\Users\user\Favorites\desktop.ini
C:\Users\user\Desktop\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E3939344-75E9-11E9-8662-000C2940B9FB}.dat
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Windows\SysWOW64\shell32.dll
\Device\KsecDD
C:\Program Files (x86)\Internet Explorer\sqmapi.dll
C:\
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
C:\Users\desktop.ini
C:\Users
C:\Users\user
C:\Users\user\Favorites\desktop.ini
C:\Users\user\Desktop\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E3939344-75E9-11E9-8662-000C2940B9FB}.dat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectUI
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E3939344-75E9-11E9-8662-000C2940B9FB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\GipActivityBypass
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabProcGrowth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\LuaOffLoRIEOn
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameTabWindow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\DetourDialogs
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AcRedir
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabShutdownDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabShutdownDelay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\ServerFreezeOnUpload
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SQM
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
HKEY_CLASSES_ROOT\Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Interval
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Shuffle
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\AnimationDuration
HKEY_LOCAL_MACHINE\Control Panel\Personalization\Desktop Slideshow
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\GipActivityBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\LuaOffLoRIEOn
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameTabWindow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\DetourDialogs
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AcRedir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabShutdownDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabShutdownDelay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\ServerFreezeOnUpload
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Interval
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Shuffle
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\AnimationDuration
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E3939344-75E9-11E9-8662-000C2940B9FB}
iphlpapi.dll.GetAdaptersAddresses
dhcpcsvc.dll.DhcpRequestParams
comctl32.dll.LoadIconWithScaleDown
ieui.dll.InitGadgets
advapi32.dll.EventWrite
advapi32.dll.EventRegister
advapi32.dll.EventUnregister
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
kernel32.dll.SetProcessDEPPolicy
user32.dll.SetProcessDPIAware
shell32.dll.SetCurrentProcessExplicitAppUserModelID
user32.dll.GetShellWindow
user32.dll.GetWindowThreadProcessId
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ieframe.dll.#251
kernel32.dll.WerSetFlags
comctl32.dll.PropertySheetW
comctl32.dll.PropertySheetA
comdlg32.dll.PageSetupDlgW
comdlg32.dll.PrintDlgW
ieshims.dll.IEShims_Initialize
kernel32.dll.VirtualProtect
user32.dll.SetWindowsHookExW
user32.dll.FindWindowExA
kernel32.dll.WaitForSingleObject
kernel32.dll.CreateProcessW
kernel32.dll.CreateProcessA
advapi32.dll.RegQueryValueA
ntdll.dll.LdrRegisterDllNotification
ole32.dll.CoGetApartmentType
ole32.dll.CoTaskMemFree
comctl32.dll.#236
oleaut32.dll.#6
ole32.dll.CoTaskMemAlloc
ole32.dll.CoGetMalloc
cryptbase.dll.SystemFunction036
kernel32.dll.WerRegisterMemoryBlock
kernel32.dll.WerUnregisterMemoryBlock
user32.dll.RegisterWindowMessageW
rpcrt4.dll.RpcServerUseProtseqW
rpcrt4.dll.RpcServerRegisterIfEx
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
rpcrt4.dll.RpcServerInqBindings
rpcrt4.dll.RpcEpRegisterW
rpcrt4.dll.RpcServerListen
shell32.dll.SHGetInstanceExplorer
user32.dll.RegisterClassExW
user32.dll.CreateWindowExW
user32.dll.DefWindowProcW
user32.dll.SetWindowLongW
ole32.dll.CoInitializeEx
user32.dll.MsgWaitForMultipleObjectsEx
urlmon.dll.#400
shell32.dll.SHGetFolderPathW
advapi32.dll.TraceMessage
advapi32.dll.TraceMessageVa
kernel32.dll.IsWow64Process
sqmapi.dll.SqmGetSession
sqmapi.dll.SqmEndSession
sqmapi.dll.SqmStartSession
sqmapi.dll.SqmStartUpload
sqmapi.dll.SqmWaitForUploadComplete
sqmapi.dll.SqmSet
sqmapi.dll.SqmSetBool
sqmapi.dll.SqmSetBits
sqmapi.dll.SqmSetString
sqmapi.dll.SqmIncrement
sqmapi.dll.SqmSetIfMax
sqmapi.dll.SqmSetIfMin
sqmapi.dll.SqmAddToAverage
sqmapi.dll.SqmAddToStreamDWord
sqmapi.dll.SqmAddToStreamString
sqmapi.dll.SqmSetAppId
sqmapi.dll.SqmSetAppVersion
sqmapi.dll.SqmSetMachineId
sqmapi.dll.SqmSetUserId
sqmapi.dll.SqmCreateNewId
sqmapi.dll.SqmReadSharedMachineId
sqmapi.dll.SqmReadSharedUserId
sqmapi.dll.SqmWriteSharedMachineId
sqmapi.dll.SqmWriteSharedUserId
sqmapi.dll.SqmIsWindowsOptedIn
advapi32.dll.OpenThreadToken
ole32.dll.CreateBindCtx
ole32.dll.CoRegisterInitializeSpy
comctl32.dll.#320
comctl32.dll.#324
comctl32.dll.#323
comctl32.dll.#328
comctl32.dll.#334
advapi32.dll.RegEnumKeyW
oleaut32.dll.#2
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
ole32.dll.CoCreateInstance
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#332
comctl32.dll.#386
advapi32.dll.InitializeSecurityDescriptor
advapi32.dll.SetEntriesInAclW
ntmarta.dll.GetMartaExtensionInterface
advapi32.dll.SetSecurityDescriptorDacl
advapi32.dll.IsTextUnicode
comctl32.dll.#338
comctl32.dll.#339
shell32.dll.#102
ole32.dll.CoUninitialize
sechost.dll.ConvertSidToStringSidW

Process Tree

  • iexplore.exe 2040 "https://unimelbcloud-my.sharepoint.com/:b:/g/personal/naly_unimelb_edu_au/EYw-XWbM4-tMoE2FOlEOtWgB9khJeFEfSWL7i_oYjpUxqw?e=4%3aex2Jg5&at=9"
  • explorer.exe 1632

iexplore.exe, PID: 2040, Parent PID: 2480
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "https://unimelbcloud-my.sharepoint.com/:b:/g/personal/naly_unimelb_edu_au/EYw-XWbM4-tMoE2FOlEOtWgB9khJeFEfSWL7i_oYjpUxqw?e=4%3aex2Jg5&at=9"
iexplore.exe, PID: 972, Parent PID: 2040
Full Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Command Line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2040 CREDAT:79873
explorer.exe, PID: 1632, Parent PID: 1496
Full Path: C:\Windows\explorer.exe
Command Line: C:\Windows\Explorer.EXE

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Process Name explorer.exe
PID 1632
Dump Size 2871808 bytes
Module Path C:\Windows\explorer.exe
Type PE image: 64-bit executable
MD5 57e532544f37eea9d5fd59384958c08e
SHA1 90d9f74a00bb4b1b50db0ff8d316cbb89430077f
SHA256 522b284e438a7f906be62050690ddb6cf0ab6a5578954306bb192e6dd2c2be5a
CRC32 9E2BF466
Ssdeep 49152:JxrceI/lIRYraisQhFCUuJvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2W:DrcPlIWsvYYYYYYYYYYYRYYYYYYYYYY4
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 522b284e438a7f906be62050690ddb6cf0ab6a5578954306bb192e6dd2c2be5a
Download

Full Dump Information

Process Name explorer.exe
Executable Path C:\Windows\explorer.exe
Yara None matched
Full Dump Download
Process Strings Download

Address Space

Start End Size Protection PE Download
0x00010000 0x00022000 0x00012000 Mixed No Download
0x00010000 0x00020000 0x00010000 RW Download
0x00020000 0x00022000 0x00002000 R Download
0x00030000 0x00034000 0x00004000 R No Download
0x00040000 0x00042000 0x00002000 R No Download
0x00050000 0x00051000 0x00001000 RW No Download
0x000ce000 0x000e6000 0x00018000 Mixed No Download
0x000ce000 0x000e0000 0x00012000 RW Download
0x000e0000 0x000e6000 0x00006000 R Download
0x000f0000 0x00257000 0x00167000 Mixed No Download
0x000f0000 0x001f0000 0x00100000 RW Download
0x001f0000 0x00257000 0x00067000 R Download
0x00260000 0x00261000 0x00001000 RW No Download
0x00270000 0x00271000 0x00001000 RW No Download
0x00280000 0x00395000 0x00115000 Mixed No Download
0x00280000 0x00290000 0x00010000 RW Download
0x00290000 0x00390000 0x00100000 RW Download
0x00390000 0x00395000 0x00005000 R Download
0x00510000 0x00513000 0x00003000 R No Download
0x00520000 0x006a1000 0x00181000 R No Download
0x006b0000 0x006f3000 0x00043000 R No Download
0x01ab0000 0x01ea3000 0x003f3000 R No Download
0x01eb0000 0x01eb1000 0x00001000 RW No Download
0x01ec0000 0x01ec2000 0x00002000 RW No Download
0x01f00000 0x01f01000 0x00001000 RW No Download
0x01f10000 0x01f12000 0x00002000 R No Download
0x01f20000 0x01f21000 0x00001000 R No Download
0x01f30000 0x01f32000 0x00002000 R No Download
0x01f40000 0x01f41000 0x00001000 RW No Download
0x01fc2000 0x01fd1000 0x0000f000 Mixed No Download
0x01fc2000 0x01fd0000 0x0000e000 RW Download
0x01fd0000 0x01fd1000 0x00001000 R Download
0x01fe0000 0x02005000 0x00025000 RW No Download

Comments



No comments posted

Processing ( 17.717 seconds )

  • 10.012 Static
  • 2.877 ProcessMemory
  • 2.419 CAPE
  • 1.741 ProcDump
  • 0.589 BehaviorAnalysis
  • 0.063 Deduplicate
  • 0.007 AnalysisInfo
  • 0.007 NetworkAnalysis
  • 0.002 Debug

Signatures ( 0.522 seconds )

  • 0.302 antidbg_windows
  • 0.036 stealth_timeout
  • 0.031 antivm_vbox_window
  • 0.029 antiav_detectreg
  • 0.024 antisandbox_script_timer
  • 0.019 api_spamming
  • 0.011 infostealer_ftp
  • 0.006 antianalysis_detectreg
  • 0.006 infostealer_im
  • 0.004 infostealer_mail
  • 0.004 ransomware_files
  • 0.003 antivm_generic_scsi
  • 0.003 persistence_autorun
  • 0.003 antiav_detectfile
  • 0.003 antivm_vbox_keys
  • 0.003 ransomware_extensions
  • 0.002 antivm_vmware_keys
  • 0.002 geodo_banking_trojan
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.001 tinba_behavior
  • 0.001 malicious_dynamic_function_loading
  • 0.001 bootkit
  • 0.001 rat_nanocore
  • 0.001 Doppelganging
  • 0.001 recon_programs
  • 0.001 injection_createremotethread
  • 0.001 antivm_generic_services
  • 0.001 antiemu_wine_func
  • 0.001 betabot_behavior
  • 0.001 mimics_filetime
  • 0.001 InjectionCreateRemoteThread
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_disk
  • 0.001 dynamic_function_loading
  • 0.001 cerber_behavior
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vpc_keys
  • 0.001 antivm_xen_keys
  • 0.001 darkcomet_regkeys
  • 0.001 disables_browser_warn
  • 0.001 ie_martian_children
  • 0.001 recon_fingerprint

Reporting ( 0.303 seconds )

  • 0.301 Compression
  • 0.002 CompressResults
Task ID 73505
Mongo ID 5cda1e97f284882f53cb3bfe
Cuckoo release 1.3-CAPE
Delete