Analysis

Category: FILE
Package: Extraction
Started: 2020-02-14 14:51:00
Completed: 2020-02-14 15:01:46
Duration: 646 seconds

  • Info: The analysis hit the critical timeout, terminating.

Options:
route = inetsim
procdump = 0

Log:
2020-02-14 15:52:14,078 [root] INFO: Date set to: 02-14-20, time set to: 14:52:14, timeout set to: 200
2020-02-14 15:52:15,187 [root] DEBUG: Starting analyzer from: C:\fijzxxkep
2020-02-14 15:52:15,187 [root] DEBUG: Storing results at: C:\xnyzWYeX
2020-02-14 15:52:15,187 [root] DEBUG: Pipe server name: \\.\PIPE\FqDEwXz
2020-02-14 15:52:15,187 [root] INFO: Analysis package "Extraction" has been specified.
2020-02-14 15:52:28,250 [root] DEBUG: Started auxiliary module Browser
2020-02-14 15:52:28,250 [root] DEBUG: Started auxiliary module Curtain
2020-02-14 15:52:28,250 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2020-02-14 15:52:32,500 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-02-14 15:52:32,500 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-02-14 15:52:32,500 [root] DEBUG: Started auxiliary module DigiSig
2020-02-14 15:52:32,500 [root] DEBUG: Started auxiliary module Disguise
2020-02-14 15:52:32,500 [root] DEBUG: Started auxiliary module Human
2020-02-14 15:52:32,562 [root] DEBUG: Started auxiliary module Screenshots
2020-02-14 15:52:32,562 [root] DEBUG: Started auxiliary module Sysmon
2020-02-14 15:52:32,578 [root] DEBUG: Started auxiliary module Usage
2020-02-14 15:52:32,578 [root] INFO: Analyzer: Package modules.packages.Extraction does not specify a DLL option
2020-02-14 15:52:32,578 [root] INFO: Analyzer: Package modules.packages.Extraction does not specify a DLL_64 option
2020-02-14 15:52:37,546 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Rebecca\AppData\Local\Temp\PRODUCT INQUIRY.exe" with arguments "" with pid 2396
2020-02-14 15:52:44,155 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:52:44,155 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:52:44,155 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:52:44,171 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:52:44,171 [root] DEBUG: Loader: Injecting process 2396 (thread 2608) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:44,171 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:52:44,171 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:44,171 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:52:44,171 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:44,187 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2396
2020-02-14 15:52:46,187 [lib.api.process] INFO: Successfully resumed process with pid 2396
2020-02-14 15:52:46,187 [root] INFO: Added new process to list with pid: 2396
2020-02-14 15:52:46,592 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 15:52:46,592 [root] DEBUG: Capture of extracted payloads enabled.
2020-02-14 15:52:46,592 [root] DEBUG: Process dumps disabled.
2020-02-14 15:52:46,717 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 15:52:46,717 [root] INFO: Disabling sleep skipping.
2020-02-14 15:52:46,717 [root] INFO: Disabling sleep skipping.
2020-02-14 15:52:46,717 [root] INFO: Disabling sleep skipping.
2020-02-14 15:52:46,717 [root] INFO: Disabling sleep skipping.
2020-02-14 15:52:46,717 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 2396 at 0x6c630000, image base 0x400000, stack from 0x126000-0x130000
2020-02-14 15:52:46,717 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\"C:\Users\Rebecca\AppData\Local\Temp\PRODUCT INQUIRY.exe".
2020-02-14 15:52:46,717 [root] DEBUG: WoW64 not detected.
2020-02-14 15:52:46,717 [root] DEBUG: ExtractionInit: Debugger initialised.
2020-02-14 15:52:46,733 [root] DEBUG: AddTrackedRegion: Created new tracked region for address 0x00400000.
2020-02-14 15:52:46,733 [root] DEBUG: AddTrackedRegion: New region at 0x00400000 size 0x1000 added to tracked regions: EntryPoint 0x1234, Entropy 3.933356e+00
2020-02-14 15:52:46,733 [root] DEBUG: ExtractionInit: Adding main image base to tracked regions.
2020-02-14 15:52:46,733 [root] INFO: Monitor successfully loaded in process with pid 2396.
2020-02-14 15:52:48,000 [root] DEBUG: DLL loaded at 0x75920000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2020-02-14 15:52:48,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:52:48,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:52:48,000 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy 3.933356e+00.
2020-02-14 15:52:48,000 [root] DEBUG: ProtectionHandler: Adding region at 0x001E0000 to tracked regions.
2020-02-14 15:52:48,015 [root] DEBUG: AddTrackedRegion: Created new tracked region for address 0x001E0000.
2020-02-14 15:52:48,015 [root] DEBUG: AddTrackedRegion: New region at 0x001E0000 size 0x6000 added to tracked regions.
2020-02-14 15:52:48,015 [root] DEBUG: ProtectionHandler: Address: 0x001E0000 (alloc base 0x001E0000), NumberOfBytesToProtect: 0x6000, NewAccessProtection: 0x20
2020-02-14 15:52:48,015 [root] DEBUG: ProtectionHandler: New code detected at (0x001E0000), scanning for PE images.
2020-02-14 15:52:48,015 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1e6000.
2020-02-14 15:52:48,015 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1e6000.
2020-02-14 15:52:48,015 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001E6000.
2020-02-14 15:52:48,108 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_58890912048521414522020
2020-02-14 15:52:48,108 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_58890912048521414522020 (size 0x6000)
2020-02-14 15:52:48,108 [root] DEBUG: ProtectionHandler: dumped memory (sub)region at 0x001E0000, size 0x6000
2020-02-14 15:52:48,108 [root] DEBUG: DLL loaded at 0x75930000: C:\Windows\system32\SXS (0x5f000 bytes).
2020-02-14 15:52:50,733 [root] DEBUG: ProtectionHandler: Address 0x001E0000 already in tracked region at 0x001E0000, size 0x6000
2020-02-14 15:52:50,733 [root] DEBUG: ProtectionHandler: Address: 0x001E0000 (alloc base 0x001E0000), NumberOfBytesToProtect: 0xa000, NewAccessProtection: 0x20
2020-02-14 15:52:50,733 [root] DEBUG: ProtectionHandler: Increased region size at 0x001E0000 to 0xa000.
2020-02-14 15:52:50,733 [root] DEBUG: ProtectionHandler: New code detected at (0x001E0000), scanning for PE images.
2020-02-14 15:52:50,733 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:52:50,733 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:52:50,733 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:52:50,937 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_201271312450521414522020
2020-02-14 15:52:50,937 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_201271312450521414522020 (size 0xa000)
2020-02-14 15:52:50,937 [root] DEBUG: ProtectionHandler: dumped memory (sub)region at 0x001E0000, size 0xa000
2020-02-14 15:52:57,921 [root] DEBUG: DLL loaded at 0x74EC0000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-02-14 15:52:57,921 [root] DEBUG: DLL unloaded from 0x00400000.
2020-02-14 15:52:59,467 [root] DEBUG: Allocation: 0x00290000 - 0x00297000, size: 0x7000, protection: 0x40.
2020-02-14 15:52:59,467 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:52:59,467 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:52:59,467 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy 4.167400e+00.
2020-02-14 15:52:59,467 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:52:59,467 [root] DEBUG: AllocationHandler: Adding allocation to tracked region list: 0x00290000, size: 0x7000.
2020-02-14 15:52:59,467 [root] DEBUG: AddTrackedRegion: Created new tracked region for address 0x00290000.
2020-02-14 15:52:59,467 [root] DEBUG: AddTrackedRegion: New region at 0x00290000 size 0x7000 added to tracked regions.
2020-02-14 15:52:59,483 [root] DEBUG: ActivateBreakpoints: TrackedRegion->AllocationBase: 0x00290000, TrackedRegion->RegionSize: 0x7000, thread 2608
2020-02-14 15:52:59,483 [root] DEBUG: SetDebugRegister: Setting breakpoint 0 hThread=0xc4, Size=0x2, Address=0x00290000 and Type=0x1.
2020-02-14 15:52:59,483 [root] DEBUG: SetThreadBreakpoint: Set bp 0 thread id 2608 type 1 at address 0x00290000, size 2 with Callback 0x6c637890.
2020-02-14 15:52:59,483 [root] DEBUG: ActivateBreakpoints: Set write breakpoint on empty protect address: 0x00290000
2020-02-14 15:52:59,483 [root] DEBUG: SetDebugRegister: Setting breakpoint 1 hThread=0xc4, Size=0x4, Address=0x0029003C and Type=0x1.
2020-02-14 15:52:59,483 [root] DEBUG: SetThreadBreakpoint: Set bp 1 thread id 2608 type 1 at address 0x0029003C, size 4 with Callback 0x6c6374e0.
2020-02-14 15:52:59,483 [root] DEBUG: ActivateBreakpoints: Set write breakpoint on e_lfanew address: 0x0029003C
2020-02-14 15:52:59,483 [root] DEBUG: AllocationHandler: Breakpoints set on newly-allocated executable region at: 0x00290000 (size 0x7000).
2020-02-14 15:52:59,483 [root] DEBUG: DLL unloaded from 0x77CB0000.
2020-02-14 15:52:59,483 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x0040AAB8 (thread 2608)
2020-02-14 15:52:59,483 [root] DEBUG: BaseAddressWriteCallback: Breakpoint 0 at Address 0x00290000.
2020-02-14 15:52:59,483 [root] DEBUG: ContextSetDebugRegister: Setting breakpoint 2 within Context, Size=0x0, Address=0x00290000 and Type=0x0.
2020-02-14 15:52:59,483 [root] DEBUG: BaseAddressWriteCallback: byte written to 0x290000: 0x81.
2020-02-14 15:52:59,483 [root] DEBUG: BaseAddressWriteCallback: Exec bp set on tracked region protect address.
2020-02-14 15:52:59,483 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x0040AAB8 (thread 2608)
2020-02-14 15:52:59,483 [root] DEBUG: PEPointerWriteCallback: Breakpoint 1 at Address 0x0029003C.
2020-02-14 15:52:59,483 [root] DEBUG: PEPointerWriteCallback: candidate pointer to PE header too big: 0x39eb752e (at 0x0029003C).
2020-02-14 15:52:59,483 [root] DEBUG: ContextSetNextAvailableBreakpoint: An identical breakpoint (2) at 0x00290000 already exists for thread 2608 (process 2396), skipping.
2020-02-14 15:52:59,483 [root] DEBUG: PEPointerWriteCallback: set write bp on AddressOfEntryPoint at 0x00290000.
2020-02-14 15:52:59,483 [root] DEBUG: CAPEExceptionFilter: breakpoint hit by instruction at 0x00290000 (thread 2608)
2020-02-14 15:52:59,500 [root] DEBUG: ShellcodeExecCallback: Breakpoint 2 at Address 0x00290000 (allocation base 0x00290000).
2020-02-14 15:52:59,500 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:52:59,500 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 0 address 0x00290000.
2020-02-14 15:52:59,500 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 1 address 0x0029003C.
2020-02-14 15:52:59,500 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoint 2 address 0x00290000.
2020-02-14 15:52:59,500 [root] DEBUG: ShellcodeExecCallback: About to scan region for a PE image (base 0x00290000, size 0x7000).
2020-02-14 15:52:59,500 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:52:59,500 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:52:59,500 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_165814000039341714522020
2020-02-14 15:52:59,500 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_165814000039341714522020 (size 0x7000)
2020-02-14 15:52:59,500 [root] DEBUG: ShellcodeExecCallback: successfully dumped memory range at 0x00290000 (size 0x7000).
2020-02-14 15:52:59,515 [root] DEBUG: set_caller_info: Adding region at 0x00290000 to caller regions list (ntdll::LdrGetProcedureAddress).
2020-02-14 15:52:59,515 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:52:59,515 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:52:59,515 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:52:59,515 [root] DEBUG: set_caller_info: Adding region at 0x01380000 to caller regions list (kernel32::GetSystemTime).
2020-02-14 15:52:59,515 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_41956551939341714522020
2020-02-14 15:52:59,515 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_41956551939341714522020 (size 0x7000)
2020-02-14 15:52:59,515 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:52:59,515 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:52:59,530 [root] DEBUG: DLL loaded at 0x77060000: C:\Windows\system32\shell32 (0xc4c000 bytes).
2020-02-14 15:52:59,765 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2924
2020-02-14 15:52:59,765 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:52:59,765 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:52:59,765 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:52:59,765 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:52:59,765 [root] DEBUG: Loader: Injecting process 2924 (thread 2912) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:59,765 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:52:59,765 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:59,765 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:52:59,780 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:59,780 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2924
2020-02-14 15:52:59,780 [root] DEBUG: DLL loaded at 0x758D0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-02-14 15:52:59,796 [root] DEBUG: DLL unloaded from 0x00400000.
2020-02-14 15:52:59,796 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2924
2020-02-14 15:52:59,796 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:52:59,796 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:52:59,796 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:52:59,796 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:52:59,796 [root] DEBUG: Loader: Injecting process 2924 (thread 2912) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:59,796 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:52:59,796 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:59,796 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:52:59,796 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:59,796 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2924
2020-02-14 15:52:59,796 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:52:59,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:52:59,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:52:59,812 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:52:59,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:52:59,812 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:52:59,812 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:52:59,812 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:52:59,812 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_194425767239341714522020
2020-02-14 15:52:59,812 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_194425767239341714522020 (size 0xa000)
2020-02-14 15:52:59,812 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:52:59,812 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:52:59,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:52:59,812 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:52:59,812 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:52:59,812 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:52:59,828 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_50481243239341714522020
2020-02-14 15:52:59,858 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_50481243239341714522020 (size 0x7000)
2020-02-14 15:52:59,858 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:52:59,858 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:52:59,875 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3192
2020-02-14 15:52:59,875 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:52:59,875 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:52:59,875 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:52:59,890 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:52:59,890 [root] DEBUG: Loader: Injecting process 3192 (thread 3048) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:59,890 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:52:59,890 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:59,890 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:52:59,890 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:59,890 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3192
2020-02-14 15:52:59,921 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3192
2020-02-14 15:52:59,921 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:52:59,921 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:52:59,921 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:52:59,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:52:59,937 [root] DEBUG: Loader: Injecting process 3192 (thread 3048) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:59,967 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:52:59,967 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:59,967 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:52:59,967 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:52:59,983 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3192
2020-02-14 15:52:59,983 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:52:59,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:52:59,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:52:59,983 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:52:59,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:52:59,983 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:52:59,983 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:52:59,983 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:52:59,983 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_154282769639341714522020
2020-02-14 15:52:59,983 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_154282769639341714522020 (size 0xa000)
2020-02-14 15:53:00,000 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:00,000 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:00,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:00,000 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:00,000 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:00,046 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_040341714522020
2020-02-14 15:53:00,046 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_040341714522020 (size 0x7000)
2020-02-14 15:53:00,046 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:00,046 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:00,078 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3160
2020-02-14 15:53:00,078 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,078 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,078 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,078 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,078 [root] DEBUG: Loader: Injecting process 3160 (thread 3136) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,078 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,078 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,078 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:00,078 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,078 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3160
2020-02-14 15:53:00,092 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3160
2020-02-14 15:53:00,092 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,092 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,092 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,108 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,108 [root] DEBUG: Loader: Injecting process 3160 (thread 3136) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,108 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,108 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,108 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:00,108 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,108 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3160
2020-02-14 15:53:00,108 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:00,125 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:00,125 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:00,125 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:00,125 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:00,125 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,125 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:00,125 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:00,125 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_55308907940341714522020
2020-02-14 15:53:00,125 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_55308907940341714522020 (size 0xa000)
2020-02-14 15:53:00,125 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:00,125 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,125 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:00,125 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:00,125 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:00,125 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:00,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_58177783440341714522020
2020-02-14 15:53:00,140 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_58177783440341714522020 (size 0x7000)
2020-02-14 15:53:00,140 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:00,140 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:00,155 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3212
2020-02-14 15:53:00,155 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,155 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,155 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,171 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,171 [root] DEBUG: Loader: Injecting process 3212 (thread 3416) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,171 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,171 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,171 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:00,171 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,171 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3212
2020-02-14 15:53:00,187 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3212
2020-02-14 15:53:00,187 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,187 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,187 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,203 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,203 [root] DEBUG: Loader: Injecting process 3212 (thread 3416) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,203 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,203 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,203 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:00,203 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,203 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3212
2020-02-14 15:53:00,203 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:00,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:00,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:00,203 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:00,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:00,203 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,203 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:00,203 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:00,217 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_122920615240341714522020
2020-02-14 15:53:00,217 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_122920615240341714522020 (size 0xa000)
2020-02-14 15:53:00,217 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:00,217 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:00,217 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:00,217 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:00,217 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:00,217 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_137844818040341714522020
2020-02-14 15:53:00,217 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_137844818040341714522020 (size 0x7000)
2020-02-14 15:53:00,217 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:00,217 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:00,233 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3724
2020-02-14 15:53:00,453 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,453 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,453 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,453 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,453 [root] DEBUG: Loader: Injecting process 3724 (thread 3712) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,453 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,467 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,467 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:00,467 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,467 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3724
2020-02-14 15:53:00,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3724
2020-02-14 15:53:00,483 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,483 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,483 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,483 [root] DEBUG: Loader: Injecting process 3724 (thread 3712) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,483 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,483 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,483 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:00,483 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,483 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3724
2020-02-14 15:53:00,483 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:00,483 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:00,483 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:00,483 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:00,483 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:00,483 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,483 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:00,500 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:00,500 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_174643978840341714522020
2020-02-14 15:53:00,500 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_174643978840341714522020 (size 0xa000)
2020-02-14 15:53:00,500 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:00,500 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:00,500 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:00,500 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:00,500 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:00,500 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_210740691240341714522020
2020-02-14 15:53:00,500 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_210740691240341714522020 (size 0x7000)
2020-02-14 15:53:00,515 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:00,515 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:00,530 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3760
2020-02-14 15:53:00,530 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,530 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,530 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,530 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,530 [root] DEBUG: Loader: Injecting process 3760 (thread 3756) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,530 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,530 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,530 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:00,530 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,530 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3760
2020-02-14 15:53:00,546 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3760
2020-02-14 15:53:00,546 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,546 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,562 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,562 [root] DEBUG: Loader: Injecting process 3760 (thread 3756) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,562 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,562 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,562 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:00,562 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,562 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3760
2020-02-14 15:53:00,562 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:00,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:00,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:00,562 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:00,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:00,562 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,562 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:00,562 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:00,625 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_99666471640341714522020
2020-02-14 15:53:00,625 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_99666471640341714522020 (size 0xa000)
2020-02-14 15:53:00,625 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:00,625 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,625 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:00,625 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:00,625 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:00,625 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:00,625 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_70100572540341714522020
2020-02-14 15:53:00,625 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_70100572540341714522020 (size 0x7000)
2020-02-14 15:53:00,625 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:00,625 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:00,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3844
2020-02-14 15:53:00,640 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,640 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,640 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,640 [root] DEBUG: Loader: Injecting process 3844 (thread 2064) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,640 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:00,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3844
2020-02-14 15:53:00,671 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3844
2020-02-14 15:53:00,671 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,671 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,671 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,671 [root] DEBUG: Loader: Injecting process 3844 (thread 2064) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,671 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,671 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,671 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:00,671 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3844
2020-02-14 15:53:00,687 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:00,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:00,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:00,687 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:00,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:00,687 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,687 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:00,687 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:00,687 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_109007580140341714522020
2020-02-14 15:53:00,687 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_109007580140341714522020 (size 0xa000)
2020-02-14 15:53:00,687 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:00,687 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:00,703 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:00,703 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:00,703 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:00,733 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_196727922440341714522020
2020-02-14 15:53:00,750 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_196727922440341714522020 (size 0x7000)
2020-02-14 15:53:00,750 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:00,750 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:00,765 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4044
2020-02-14 15:53:00,765 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,765 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,765 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,796 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,796 [root] DEBUG: Loader: Injecting process 4044 (thread 2808) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,796 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,796 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,796 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:00,796 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,796 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4044
2020-02-14 15:53:00,812 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4044
2020-02-14 15:53:00,812 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,812 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,812 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,812 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,812 [root] DEBUG: Loader: Injecting process 4044 (thread 2808) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,828 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,828 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,828 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:00,828 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,828 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4044
2020-02-14 15:53:00,828 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:00,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:00,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:00,828 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:00,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:00,828 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,828 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:00,828 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:00,842 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_13002967640341714522020
2020-02-14 15:53:00,842 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_13002967640341714522020 (size 0xa000)
2020-02-14 15:53:00,842 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:00,842 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,842 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:00,842 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:00,842 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:00,842 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:00,842 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_152941408940341714522020
2020-02-14 15:53:00,842 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_152941408940341714522020 (size 0x7000)
2020-02-14 15:53:00,842 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:00,858 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:00,875 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1056
2020-02-14 15:53:00,875 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,875 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,875 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,875 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,875 [root] DEBUG: Loader: Injecting process 1056 (thread 2636) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,875 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,875 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,875 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:00,875 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,875 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1056
2020-02-14 15:53:00,890 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1056
2020-02-14 15:53:00,890 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,890 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,890 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,905 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,905 [root] DEBUG: Loader: Injecting process 1056 (thread 2636) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,905 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,905 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,905 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:00,905 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,905 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1056
2020-02-14 15:53:00,905 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:00,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:00,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:00,905 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:00,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:00,905 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,921 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:00,921 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:00,921 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_124667337140341714522020
2020-02-14 15:53:00,921 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_124667337140341714522020 (size 0xa000)
2020-02-14 15:53:00,921 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:00,921 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:00,921 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:00,921 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:00,921 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:00,937 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:00,937 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_136587236640341714522020
2020-02-14 15:53:00,937 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_136587236640341714522020 (size 0x7000)
2020-02-14 15:53:00,937 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:00,937 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:00,953 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2152
2020-02-14 15:53:00,953 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,953 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,953 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,953 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,953 [root] DEBUG: Loader: Injecting process 2152 (thread 776) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,953 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,953 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,953 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:00,953 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,953 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2152
2020-02-14 15:53:00,967 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2152
2020-02-14 15:53:00,983 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:00,983 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:00,983 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:00,983 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:00,983 [root] DEBUG: Loader: Injecting process 2152 (thread 776) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,983 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:00,983 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,983 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:00,983 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:00,983 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2152
2020-02-14 15:53:00,983 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:00,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:01,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:01,000 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:01,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:01,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,000 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:01,000 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:01,155 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_041341714522020
2020-02-14 15:53:01,155 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_041341714522020 (size 0xa000)
2020-02-14 15:53:01,171 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:01,171 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,171 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:01,171 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:01,171 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:01,171 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:01,171 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_88339077141341714522020
2020-02-14 15:53:01,171 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_88339077141341714522020 (size 0x7000)
2020-02-14 15:53:01,171 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:01,171 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:01,187 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2740
2020-02-14 15:53:01,187 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,187 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,187 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,187 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,187 [root] DEBUG: Loader: Injecting process 2740 (thread 2560) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,187 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,187 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,187 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:01,187 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,187 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2740
2020-02-14 15:53:01,203 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2740
2020-02-14 15:53:01,203 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,203 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,203 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,217 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,217 [root] DEBUG: Loader: Injecting process 2740 (thread 2560) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,217 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,217 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,217 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:01,217 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,217 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2740
2020-02-14 15:53:01,217 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:01,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:01,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:01,217 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:01,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:01,217 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,217 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:01,217 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:01,296 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_137402983441341714522020
2020-02-14 15:53:01,296 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_137402983441341714522020 (size 0xa000)
2020-02-14 15:53:01,296 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:01,296 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:01,296 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:01,296 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:01,296 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:01,312 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_630460041341714522020
2020-02-14 15:53:01,312 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_630460041341714522020 (size 0x7000)
2020-02-14 15:53:01,312 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:01,312 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:01,328 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 840
2020-02-14 15:53:01,328 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,328 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,328 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,328 [root] DEBUG: Loader: Injecting process 840 (thread 2712) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,328 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,328 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:01,328 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 840
2020-02-14 15:53:01,358 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 840
2020-02-14 15:53:01,358 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,358 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,358 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,358 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,358 [root] DEBUG: Loader: Injecting process 840 (thread 2712) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,358 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,358 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,358 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:01,358 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,358 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 840
2020-02-14 15:53:01,375 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:01,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:01,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:01,375 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:01,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:01,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:01,375 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:01,375 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_182123215141341714522020
2020-02-14 15:53:01,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_182123215141341714522020 (size 0xa000)
2020-02-14 15:53:01,375 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:01,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:01,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:01,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:01,390 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:01,390 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_100094745641341714522020
2020-02-14 15:53:01,390 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_100094745641341714522020 (size 0x7000)
2020-02-14 15:53:01,390 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:01,390 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:01,405 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3204
2020-02-14 15:53:01,405 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,405 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,405 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,405 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,405 [root] DEBUG: Loader: Injecting process 3204 (thread 3120) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,405 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,405 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,405 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:01,405 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,405 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3204
2020-02-14 15:53:01,421 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3204
2020-02-14 15:53:01,421 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,421 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,437 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,437 [root] DEBUG: Loader: Injecting process 3204 (thread 3120) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,437 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,437 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,437 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:01,437 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,437 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3204
2020-02-14 15:53:01,437 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:01,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:01,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:01,437 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:01,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:01,437 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,437 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:01,437 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:01,453 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_93037519841341714522020
2020-02-14 15:53:01,453 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_93037519841341714522020 (size 0xa000)
2020-02-14 15:53:01,453 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:01,453 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:01,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:01,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:01,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:01,453 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_99087760241341714522020
2020-02-14 15:53:01,453 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_99087760241341714522020 (size 0x7000)
2020-02-14 15:53:01,453 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:01,453 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:01,467 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3356
2020-02-14 15:53:01,467 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,467 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,467 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,467 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,467 [root] DEBUG: Loader: Injecting process 3356 (thread 3312) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,467 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,467 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,467 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:01,467 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,467 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3356
2020-02-14 15:53:01,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3356
2020-02-14 15:53:01,500 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,500 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,500 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,500 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,500 [root] DEBUG: Loader: Injecting process 3356 (thread 3312) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,515 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,515 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,515 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:01,515 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,515 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3356
2020-02-14 15:53:01,515 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:01,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:01,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:01,515 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:01,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:01,530 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,530 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:01,530 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:01,530 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_146073040641341714522020
2020-02-14 15:53:01,530 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_146073040641341714522020 (size 0xa000)
2020-02-14 15:53:01,530 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:01,530 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:01,530 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:01,530 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:01,530 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:01,546 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_13799522241341714522020
2020-02-14 15:53:01,546 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_13799522241341714522020 (size 0x7000)
2020-02-14 15:53:01,546 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:01,546 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:01,562 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3376
2020-02-14 15:53:01,562 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,562 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,562 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,562 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,562 [root] DEBUG: Loader: Injecting process 3376 (thread 2240) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,562 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,562 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,562 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:01,562 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,562 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3376
2020-02-14 15:53:01,592 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3376
2020-02-14 15:53:01,592 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,592 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,592 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,592 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,592 [root] DEBUG: Loader: Injecting process 3376 (thread 2240) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,592 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,592 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,592 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:01,592 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,592 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3376
2020-02-14 15:53:01,592 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:01,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:01,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:01,592 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:01,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:01,592 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,608 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:01,608 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:01,608 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_152074389141341714522020
2020-02-14 15:53:01,608 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_152074389141341714522020 (size 0xa000)
2020-02-14 15:53:01,608 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:01,608 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,608 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:01,608 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:01,608 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:01,608 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:01,625 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_214408351841341714522020
2020-02-14 15:53:01,625 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_214408351841341714522020 (size 0x7000)
2020-02-14 15:53:01,625 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:01,625 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:01,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2584
2020-02-14 15:53:01,640 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,640 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,640 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,640 [root] DEBUG: Loader: Injecting process 2584 (thread 3208) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,655 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,655 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:01,655 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,655 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2584
2020-02-14 15:53:01,671 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2584
2020-02-14 15:53:01,671 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,671 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,671 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,687 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,687 [root] DEBUG: Loader: Injecting process 2584 (thread 3208) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,687 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,687 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,687 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:01,687 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,687 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2584
2020-02-14 15:53:01,687 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:01,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:01,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:01,703 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:01,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:01,703 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,703 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:01,703 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:01,703 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_205086945841341714522020
2020-02-14 15:53:01,703 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_205086945841341714522020 (size 0xa000)
2020-02-14 15:53:01,703 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:01,703 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:01,717 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:01,717 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:01,717 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:01,717 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_213670461441341714522020
2020-02-14 15:53:01,717 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_213670461441341714522020 (size 0x7000)
2020-02-14 15:53:01,717 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:01,717 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:01,733 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3952
2020-02-14 15:53:01,733 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,733 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,733 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,733 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,733 [root] DEBUG: Loader: Injecting process 3952 (thread 3860) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,733 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,733 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,733 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:01,733 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,750 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3952
2020-02-14 15:53:01,765 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3952
2020-02-14 15:53:01,765 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,765 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,765 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,780 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,780 [root] DEBUG: Loader: Injecting process 3952 (thread 3860) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,780 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,780 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,780 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:01,780 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,780 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3952
2020-02-14 15:53:01,780 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:01,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:01,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:01,780 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:01,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:01,780 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,780 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:01,780 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:01,796 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_28659359341341714522020
2020-02-14 15:53:01,796 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_28659359341341714522020 (size 0xa000)
2020-02-14 15:53:01,796 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:01,796 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:01,796 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:01,796 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:01,796 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:01,828 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_77909302441341714522020
2020-02-14 15:53:01,828 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_77909302441341714522020 (size 0x7000)
2020-02-14 15:53:01,828 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:01,828 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:01,842 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2604
2020-02-14 15:53:01,842 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,842 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,842 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,842 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,842 [root] DEBUG: Loader: Injecting process 2604 (thread 2276) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,842 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,842 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,842 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:01,842 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,858 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2604
2020-02-14 15:53:01,875 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2604
2020-02-14 15:53:01,875 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,875 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,875 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,890 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,890 [root] DEBUG: Loader: Injecting process 2604 (thread 2276) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,890 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,890 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,890 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:01,890 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,890 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2604
2020-02-14 15:53:01,890 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:01,890 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:01,890 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:01,890 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:01,890 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:01,890 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,890 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:01,890 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:01,905 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_120389077241341714522020
2020-02-14 15:53:01,905 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_120389077241341714522020 (size 0xa000)
2020-02-14 15:53:01,905 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:01,905 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:01,905 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:01,905 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:01,905 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:01,921 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_205258439841341714522020
2020-02-14 15:53:01,921 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_205258439841341714522020 (size 0x7000)
2020-02-14 15:53:01,921 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:01,921 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:01,937 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 304
2020-02-14 15:53:01,937 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,937 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,937 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,937 [root] DEBUG: Loader: Injecting process 304 (thread 4076) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,937 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,937 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,937 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:01,937 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,937 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 304
2020-02-14 15:53:01,967 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 304
2020-02-14 15:53:01,967 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:01,967 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:01,967 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:01,967 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:01,967 [root] DEBUG: Loader: Injecting process 304 (thread 4076) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,967 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:01,967 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,967 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:01,967 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:01,967 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 304
2020-02-14 15:53:01,967 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:01,967 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:01,967 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:01,967 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:01,967 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:01,983 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,983 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:01,983 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:01,983 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_118595161641341714522020
2020-02-14 15:53:01,983 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_118595161641341714522020 (size 0xa000)
2020-02-14 15:53:01,983 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:01,983 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:01,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:01,983 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:01,983 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:01,983 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:02,015 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_147228327241341714522020
2020-02-14 15:53:02,015 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_147228327241341714522020 (size 0x7000)
2020-02-14 15:53:02,015 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:02,015 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:02,030 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2420
2020-02-14 15:53:02,030 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,030 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,030 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,030 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,030 [root] DEBUG: Loader: Injecting process 2420 (thread 3196) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,030 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,030 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,030 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:02,030 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,030 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2420
2020-02-14 15:53:02,062 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2420
2020-02-14 15:53:02,062 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,062 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,062 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,062 [root] DEBUG: Loader: Injecting process 2420 (thread 3196) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,062 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,062 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,062 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:02,062 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,062 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2420
2020-02-14 15:53:02,062 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:02,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:02,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:02,078 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:02,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:02,078 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,078 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:02,078 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:02,078 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_58361953242341714522020
2020-02-14 15:53:02,078 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_58361953242341714522020 (size 0xa000)
2020-02-14 15:53:02,078 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:02,078 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:02,078 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:02,078 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:02,078 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:02,296 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_194539873242341714522020
2020-02-14 15:53:02,296 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_194539873242341714522020 (size 0x7000)
2020-02-14 15:53:02,296 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:02,296 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:02,312 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2424
2020-02-14 15:53:02,312 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,312 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,312 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,312 [root] DEBUG: Loader: Injecting process 2424 (thread 1160) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,312 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,312 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,312 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:02,312 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,312 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2424
2020-02-14 15:53:02,342 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2424
2020-02-14 15:53:02,342 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,342 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,342 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,342 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,342 [root] DEBUG: Loader: Injecting process 2424 (thread 1160) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,342 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,342 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,342 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:02,342 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2424
2020-02-14 15:53:02,342 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:02,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:02,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:02,342 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:02,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:02,342 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:02,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:02,358 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_37813928842341714522020
2020-02-14 15:53:02,358 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_37813928842341714522020 (size 0xa000)
2020-02-14 15:53:02,358 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:02,358 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:02,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:02,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:02,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:02,375 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_38560785342341714522020
2020-02-14 15:53:02,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_38560785342341714522020 (size 0x7000)
2020-02-14 15:53:02,375 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:02,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:02,390 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2616
2020-02-14 15:53:02,390 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,390 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,390 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,390 [root] DEBUG: Loader: Injecting process 2616 (thread 1292) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,390 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,390 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,390 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:02,390 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,390 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2616
2020-02-14 15:53:02,421 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2616
2020-02-14 15:53:02,421 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,421 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,421 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,421 [root] DEBUG: Loader: Injecting process 2616 (thread 1292) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,421 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,421 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,421 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:02,437 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,437 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2616
2020-02-14 15:53:02,437 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:02,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:02,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:02,437 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:02,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:02,437 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,437 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:02,437 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:02,483 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_199471551542341714522020
2020-02-14 15:53:02,483 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_199471551542341714522020 (size 0xa000)
2020-02-14 15:53:02,483 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:02,483 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,483 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:02,483 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:02,483 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:02,483 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:02,483 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_172254887642341714522020
2020-02-14 15:53:02,483 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_172254887642341714522020 (size 0x7000)
2020-02-14 15:53:02,500 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:02,500 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:02,515 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2864
2020-02-14 15:53:02,515 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,515 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,515 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,515 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,515 [root] DEBUG: Loader: Injecting process 2864 (thread 3072) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,515 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,515 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,515 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:02,515 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,515 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2864
2020-02-14 15:53:02,546 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2864
2020-02-14 15:53:02,546 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,546 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,546 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,546 [root] DEBUG: Loader: Injecting process 2864 (thread 3072) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,546 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,546 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,562 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:02,562 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,562 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2864
2020-02-14 15:53:02,562 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:02,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:02,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:02,562 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:02,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:02,562 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,562 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:02,562 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:02,578 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_21990405643341714522020
2020-02-14 15:53:02,578 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_21990405643341714522020 (size 0xa000)
2020-02-14 15:53:02,578 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:02,578 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:02,578 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:02,578 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:02,578 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:02,592 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_4427842843341714522020
2020-02-14 15:53:02,592 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_4427842843341714522020 (size 0x7000)
2020-02-14 15:53:02,592 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:02,592 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:02,608 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2768
2020-02-14 15:53:02,608 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,608 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,608 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,608 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,608 [root] DEBUG: Loader: Injecting process 2768 (thread 3092) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,608 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,608 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,608 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:02,608 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,608 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2768
2020-02-14 15:53:02,625 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2768
2020-02-14 15:53:02,625 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,625 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,640 [root] DEBUG: Loader: Injecting process 2768 (thread 3092) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,640 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:02,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2768
2020-02-14 15:53:02,640 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:02,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:02,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:02,640 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:02,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:02,640 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,655 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:02,655 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:02,655 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_43495373644341714522020
2020-02-14 15:53:02,655 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_43495373644341714522020 (size 0xa000)
2020-02-14 15:53:02,655 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:02,655 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:02,655 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:02,655 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:02,655 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:02,671 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_7662431644341714522020
2020-02-14 15:53:02,671 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_7662431644341714522020 (size 0x7000)
2020-02-14 15:53:02,671 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:02,671 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:02,687 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3652
2020-02-14 15:53:02,733 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,733 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,733 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,733 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,733 [root] DEBUG: Loader: Injecting process 3652 (thread 3340) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,733 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,733 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,733 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:02,733 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,733 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3652
2020-02-14 15:53:02,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3652
2020-02-14 15:53:02,750 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,750 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,765 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,765 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,765 [root] DEBUG: Loader: Injecting process 3652 (thread 3340) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,765 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,765 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,765 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:02,765 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,765 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3652
2020-02-14 15:53:02,765 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:02,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:02,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:02,765 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:02,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:02,765 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,765 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:02,765 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:02,780 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_125039567045341714522020
2020-02-14 15:53:02,780 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_125039567045341714522020 (size 0xa000)
2020-02-14 15:53:02,780 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:02,780 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:02,780 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:02,780 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:02,780 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:02,780 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_62246652045341714522020
2020-02-14 15:53:02,780 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_62246652045341714522020 (size 0x7000)
2020-02-14 15:53:02,780 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:02,780 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:02,796 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2644
2020-02-14 15:53:02,796 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,796 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,796 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,796 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,796 [root] DEBUG: Loader: Injecting process 2644 (thread 3460) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,796 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,796 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,796 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:02,796 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,796 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2644
2020-02-14 15:53:02,812 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2644
2020-02-14 15:53:02,812 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,812 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,812 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,812 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,812 [root] DEBUG: Loader: Injecting process 2644 (thread 3460) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,812 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,828 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,828 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:02,828 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,828 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2644
2020-02-14 15:53:02,828 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:02,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:02,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:02,828 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:02,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:02,828 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,828 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:02,828 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:02,842 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_29176964446341714522020
2020-02-14 15:53:02,842 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_29176964446341714522020 (size 0xa000)
2020-02-14 15:53:02,842 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:02,842 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,842 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:02,842 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:02,842 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:02,842 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:02,842 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_81346120546341714522020
2020-02-14 15:53:02,842 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_81346120546341714522020 (size 0x7000)
2020-02-14 15:53:02,842 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:02,842 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:02,858 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3264
2020-02-14 15:53:02,858 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,858 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,858 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,858 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,858 [root] DEBUG: Loader: Injecting process 3264 (thread 4052) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,858 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,858 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,858 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:02,858 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,858 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3264
2020-02-14 15:53:02,890 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3264
2020-02-14 15:53:02,890 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,890 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,890 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,890 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,890 [root] DEBUG: Loader: Injecting process 3264 (thread 4052) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,890 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,890 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,890 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:02,890 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,890 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3264
2020-02-14 15:53:02,890 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:02,890 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:02,890 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:02,890 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:02,890 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:02,890 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,905 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:02,905 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:02,905 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_97807731646341714522020
2020-02-14 15:53:02,905 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_97807731646341714522020 (size 0xa000)
2020-02-14 15:53:02,905 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:02,905 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:02,905 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:02,905 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:02,905 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:02,921 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_24032456446341714522020
2020-02-14 15:53:02,921 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_24032456446341714522020 (size 0x7000)
2020-02-14 15:53:02,921 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:02,921 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:02,937 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4000
2020-02-14 15:53:02,937 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,937 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,937 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,937 [root] DEBUG: Loader: Injecting process 4000 (thread 2696) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,937 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,953 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,953 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:02,953 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,953 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4000
2020-02-14 15:53:02,967 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4000
2020-02-14 15:53:02,967 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:02,967 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:02,967 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:02,967 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:02,967 [root] DEBUG: Loader: Injecting process 4000 (thread 2696) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,967 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:02,967 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,967 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:02,967 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:02,967 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4000
2020-02-14 15:53:02,983 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:02,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:02,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:02,983 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:02,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:02,983 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:02,983 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:02,983 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:03,155 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_40678097147341714522020
2020-02-14 15:53:03,155 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_40678097147341714522020 (size 0xa000)
2020-02-14 15:53:03,155 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:03,155 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:03,155 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:03,155 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:03,171 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:03,171 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:03,171 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_207285451647341714522020
2020-02-14 15:53:03,171 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_207285451647341714522020 (size 0x7000)
2020-02-14 15:53:03,171 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:03,171 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:03,187 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4028
2020-02-14 15:53:04,703 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:04,703 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:04,703 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:04,703 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:04,703 [root] DEBUG: Loader: Injecting process 4028 (thread 3520) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:04,703 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:04,703 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:04,703 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:04,717 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:04,717 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4028
2020-02-14 15:53:04,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4028
2020-02-14 15:53:04,750 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:04,750 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:04,750 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:04,765 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:04,765 [root] DEBUG: Loader: Injecting process 4028 (thread 3520) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:04,765 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:04,765 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:04,765 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:04,765 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:04,765 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4028
2020-02-14 15:53:04,765 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:04,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:04,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:04,765 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:04,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:04,765 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:04,765 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:04,765 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:05,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_157408320150341714522020
2020-02-14 15:53:05,140 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_157408320150341714522020 (size 0xa000)
2020-02-14 15:53:05,140 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:05,140 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,140 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:05,140 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:05,140 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:05,140 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:05,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_37835650850341714522020
2020-02-14 15:53:05,155 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_37835650850341714522020 (size 0x7000)
2020-02-14 15:53:05,155 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:05,155 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:05,171 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2360
2020-02-14 15:53:05,171 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,171 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,171 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,171 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,171 [root] DEBUG: Loader: Injecting process 2360 (thread 2372) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,171 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,171 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,171 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:05,171 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,171 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2360
2020-02-14 15:53:05,187 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2360
2020-02-14 15:53:05,187 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,187 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,203 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,203 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,203 [root] DEBUG: Loader: Injecting process 2360 (thread 2372) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,203 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,203 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,203 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:05,203 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,203 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2360
2020-02-14 15:53:05,203 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:05,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:05,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:05,203 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:05,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:05,203 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,203 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:05,203 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:05,217 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_180305304051341714522020
2020-02-14 15:53:05,217 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_180305304051341714522020 (size 0xa000)
2020-02-14 15:53:05,217 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:05,217 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:05,217 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:05,217 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:05,217 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:05,217 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_135633729651341714522020
2020-02-14 15:53:05,233 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_135633729651341714522020 (size 0x7000)
2020-02-14 15:53:05,233 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:05,233 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:05,250 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2684
2020-02-14 15:53:05,250 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,250 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,250 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,250 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,250 [root] DEBUG: Loader: Injecting process 2684 (thread 1192) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,250 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,250 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,250 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:05,250 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,250 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2684
2020-02-14 15:53:05,265 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2684
2020-02-14 15:53:05,265 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,265 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,265 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,280 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,280 [root] DEBUG: Loader: Injecting process 2684 (thread 1192) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,280 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,280 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,280 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:05,280 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,280 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2684
2020-02-14 15:53:05,280 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:05,280 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:05,280 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:05,280 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:05,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:05,312 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,312 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:05,312 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:05,312 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_157944089052341714522020
2020-02-14 15:53:05,312 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_157944089052341714522020 (size 0xa000)
2020-02-14 15:53:05,312 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:05,312 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:05,312 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:05,328 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:05,328 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:05,328 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_28349847052341714522020
2020-02-14 15:53:05,328 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_28349847052341714522020 (size 0x7000)
2020-02-14 15:53:05,328 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:05,328 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:05,342 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3820
2020-02-14 15:53:05,342 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,342 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,342 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,342 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,342 [root] DEBUG: Loader: Injecting process 3820 (thread 2988) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,342 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,342 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,342 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:05,342 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3820
2020-02-14 15:53:05,358 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3820
2020-02-14 15:53:05,358 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,358 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,358 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,375 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,375 [root] DEBUG: Loader: Injecting process 3820 (thread 2988) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,375 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,375 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,375 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:05,375 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,375 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3820
2020-02-14 15:53:05,375 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:05,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:05,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:05,375 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:05,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:05,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:05,390 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:05,390 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_208594860853341714522020
2020-02-14 15:53:05,390 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_208594860853341714522020 (size 0xa000)
2020-02-14 15:53:05,390 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:05,390 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,390 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:05,390 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:05,390 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:05,390 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:05,405 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_95257622153341714522020
2020-02-14 15:53:05,405 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_95257622153341714522020 (size 0x7000)
2020-02-14 15:53:05,405 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:05,405 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:05,421 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3176
2020-02-14 15:53:05,421 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,421 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,421 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,421 [root] DEBUG: Loader: Injecting process 3176 (thread 3140) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,421 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,421 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,421 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:05,421 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,421 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3176
2020-02-14 15:53:05,437 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3176
2020-02-14 15:53:05,437 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,453 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,453 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,453 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,453 [root] DEBUG: Loader: Injecting process 3176 (thread 3140) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,453 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,453 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,453 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:05,453 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,453 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3176
2020-02-14 15:53:05,453 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:05,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:05,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:05,453 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:05,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:05,467 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,467 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:05,467 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:05,500 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_145686278254341714522020
2020-02-14 15:53:05,500 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_145686278254341714522020 (size 0xa000)
2020-02-14 15:53:05,500 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:05,500 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:05,500 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:05,500 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:05,500 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:05,500 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_188678641454341714522020
2020-02-14 15:53:05,515 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_188678641454341714522020 (size 0x7000)
2020-02-14 15:53:05,515 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:05,515 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:05,530 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3252
2020-02-14 15:53:05,530 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,530 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,530 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,530 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,530 [root] DEBUG: Loader: Injecting process 3252 (thread 3284) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,530 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,530 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,530 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:05,530 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,530 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3252
2020-02-14 15:53:05,546 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3252
2020-02-14 15:53:05,546 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,546 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,562 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,562 [root] DEBUG: Loader: Injecting process 3252 (thread 3284) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,562 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,562 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,562 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:05,562 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,562 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3252
2020-02-14 15:53:05,562 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:05,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:05,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:05,562 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:05,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:05,578 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,578 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:05,578 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:05,578 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_74336119655341714522020
2020-02-14 15:53:05,578 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_74336119655341714522020 (size 0xa000)
2020-02-14 15:53:05,578 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:05,578 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:05,578 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:05,578 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:05,578 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:05,592 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_12125190955341714522020
2020-02-14 15:53:05,592 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_12125190955341714522020 (size 0x7000)
2020-02-14 15:53:05,592 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:05,592 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:05,608 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3720
2020-02-14 15:53:05,608 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,608 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,608 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,608 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,608 [root] DEBUG: Loader: Injecting process 3720 (thread 3680) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,608 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,608 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,608 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:05,608 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,608 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3720
2020-02-14 15:53:05,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3720
2020-02-14 15:53:05,640 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,640 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,640 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,640 [root] DEBUG: Loader: Injecting process 3720 (thread 3680) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,640 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:05,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3720
2020-02-14 15:53:05,640 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:05,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:05,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:05,640 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:05,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:05,655 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,655 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:05,655 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:05,655 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_157222679455341714522020
2020-02-14 15:53:05,655 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_157222679455341714522020 (size 0xa000)
2020-02-14 15:53:05,655 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:05,655 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:05,655 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:05,655 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:05,655 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:05,671 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_183790505555341714522020
2020-02-14 15:53:05,671 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_183790505555341714522020 (size 0x7000)
2020-02-14 15:53:05,671 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:05,671 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:05,687 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3848
2020-02-14 15:53:05,687 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,687 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,687 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,687 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,687 [root] DEBUG: Loader: Injecting process 3848 (thread 3644) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,687 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,687 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,687 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:05,687 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,687 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3848
2020-02-14 15:53:05,703 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3848
2020-02-14 15:53:05,703 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,703 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,703 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,717 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,717 [root] DEBUG: Loader: Injecting process 3848 (thread 3644) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,717 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,717 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,717 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:05,717 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,717 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3848
2020-02-14 15:53:05,717 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:05,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:05,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:05,717 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:05,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:05,717 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,717 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:05,717 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:05,733 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_90297911656341714522020
2020-02-14 15:53:05,733 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_90297911656341714522020 (size 0xa000)
2020-02-14 15:53:05,733 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:05,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,733 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:05,733 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:05,733 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:05,733 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:05,733 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_132575027656341714522020
2020-02-14 15:53:05,750 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_132575027656341714522020 (size 0x7000)
2020-02-14 15:53:05,750 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:05,750 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:05,765 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 904
2020-02-14 15:53:05,765 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,765 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,765 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,765 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,765 [root] DEBUG: Loader: Injecting process 904 (thread 2212) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,765 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,765 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,765 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:05,765 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,765 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 904
2020-02-14 15:53:05,780 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 904
2020-02-14 15:53:05,780 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,780 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,780 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,780 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,796 [root] DEBUG: Loader: Injecting process 904 (thread 2212) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,796 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,796 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,796 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:05,796 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,796 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 904
2020-02-14 15:53:05,796 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:05,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:05,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:05,796 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:05,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:05,796 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,796 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:05,796 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:05,796 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_207392934857341714522020
2020-02-14 15:53:05,812 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_207392934857341714522020 (size 0xa000)
2020-02-14 15:53:05,812 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:05,812 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:05,812 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:05,812 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:05,812 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:05,812 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_127049742857341714522020
2020-02-14 15:53:05,812 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_127049742857341714522020 (size 0x7000)
2020-02-14 15:53:05,812 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:05,812 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:05,828 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2760
2020-02-14 15:53:05,828 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,828 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,828 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,828 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,828 [root] DEBUG: Loader: Injecting process 2760 (thread 3576) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,828 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,828 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,828 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:05,828 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,828 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2760
2020-02-14 15:53:05,842 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2760
2020-02-14 15:53:05,842 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,842 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,842 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,842 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,858 [root] DEBUG: Loader: Injecting process 2760 (thread 3576) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,858 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,858 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,858 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:05,858 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,858 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2760
2020-02-14 15:53:05,858 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:05,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:05,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:05,858 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:05,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:05,858 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,858 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:05,858 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:05,875 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_121360103258341714522020
2020-02-14 15:53:05,875 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_121360103258341714522020 (size 0xa000)
2020-02-14 15:53:05,875 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:05,875 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:05,875 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:05,875 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:05,875 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:05,875 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:05,875 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_86707620458341714522020
2020-02-14 15:53:05,875 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_86707620458341714522020 (size 0x7000)
2020-02-14 15:53:05,875 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:05,875 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:05,905 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2520
2020-02-14 15:53:05,905 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,905 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,905 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,905 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,905 [root] DEBUG: Loader: Injecting process 2520 (thread 1224) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,905 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,905 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,905 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:05,905 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,905 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2520
2020-02-14 15:53:05,921 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2520
2020-02-14 15:53:05,921 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:05,921 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:05,921 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:05,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:05,937 [root] DEBUG: Loader: Injecting process 2520 (thread 1224) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,937 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:05,937 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,937 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:05,937 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:05,937 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2520
2020-02-14 15:53:05,937 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:05,937 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:05,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:06,030 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:06,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:06,078 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,078 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:06,078 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:06,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_114262792859341714522020
2020-02-14 15:53:06,140 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_114262792859341714522020 (size 0xa000)
2020-02-14 15:53:06,140 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:06,140 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,140 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:06,140 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:06,140 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:06,140 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:06,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_3387556080351714522020
2020-02-14 15:53:06,155 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_3387556080351714522020 (size 0x7000)
2020-02-14 15:53:06,155 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:06,155 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:06,171 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2784
2020-02-14 15:53:06,171 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:06,171 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:06,171 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:06,171 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:06,171 [root] DEBUG: Loader: Injecting process 2784 (thread 1892) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,171 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:06,171 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,171 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:06,171 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,171 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2784
2020-02-14 15:53:06,187 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2784
2020-02-14 15:53:06,203 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:06,203 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:06,203 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:06,203 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:06,203 [root] DEBUG: Loader: Injecting process 2784 (thread 1892) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,203 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:06,203 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,203 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:06,203 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,203 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2784
2020-02-14 15:53:06,203 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:06,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:06,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:06,217 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:06,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:06,217 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,217 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:06,217 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:06,233 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_18696521090351714522020
2020-02-14 15:53:06,233 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_18696521090351714522020 (size 0xa000)
2020-02-14 15:53:06,233 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:06,233 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,233 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:06,233 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:06,233 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:06,233 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:06,250 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_12075972210351714522020
2020-02-14 15:53:06,250 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_12075972210351714522020 (size 0x7000)
2020-02-14 15:53:06,250 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:06,250 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:06,265 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2748
2020-02-14 15:53:06,265 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:06,265 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:06,265 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:06,265 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:06,265 [root] DEBUG: Loader: Injecting process 2748 (thread 2936) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,265 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:06,265 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,265 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:06,265 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,265 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2748
2020-02-14 15:53:06,280 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2748
2020-02-14 15:53:06,280 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:06,280 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:06,296 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:06,296 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:06,296 [root] DEBUG: Loader: Injecting process 2748 (thread 2936) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,296 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:06,296 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,296 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:06,296 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,296 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2748
2020-02-14 15:53:06,296 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:06,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:06,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:06,296 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:06,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:06,328 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,328 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:06,328 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:06,328 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_20676003771351714522020
2020-02-14 15:53:06,328 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_20676003771351714522020 (size 0xa000)
2020-02-14 15:53:06,328 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:06,328 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,328 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:06,328 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:06,328 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:06,328 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:06,342 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_7133003391351714522020
2020-02-14 15:53:06,342 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_7133003391351714522020 (size 0x7000)
2020-02-14 15:53:06,342 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:06,342 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:06,358 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4040
2020-02-14 15:53:06,390 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:06,390 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:06,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:06,390 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:06,390 [root] DEBUG: Loader: Injecting process 4040 (thread 3184) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,390 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:06,390 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,390 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:06,405 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,405 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4040
2020-02-14 15:53:06,421 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4040
2020-02-14 15:53:06,421 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:06,421 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:06,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:06,421 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:06,421 [root] DEBUG: Loader: Injecting process 4040 (thread 3184) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,421 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:06,421 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,421 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:06,421 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,421 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4040
2020-02-14 15:53:06,437 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:06,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:06,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:06,437 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:06,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:06,437 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,437 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:06,437 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:06,437 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_13027392382351714522020
2020-02-14 15:53:06,453 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_13027392382351714522020 (size 0xa000)
2020-02-14 15:53:06,453 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:06,453 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:06,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:06,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:06,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:06,655 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_17437405382351714522020
2020-02-14 15:53:06,655 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_17437405382351714522020 (size 0x7000)
2020-02-14 15:53:06,655 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:06,655 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:06,671 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3344
2020-02-14 15:53:06,671 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:06,671 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:06,671 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:06,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:06,671 [root] DEBUG: Loader: Injecting process 3344 (thread 3364) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,671 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:06,671 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,671 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:06,671 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3344
2020-02-14 15:53:06,687 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3344
2020-02-14 15:53:06,703 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:06,703 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:06,703 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:06,703 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:06,703 [root] DEBUG: Loader: Injecting process 3344 (thread 3364) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,703 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:06,703 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,703 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:06,703 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,703 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3344
2020-02-14 15:53:06,703 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:06,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:06,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:06,717 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:06,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:06,717 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,717 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:06,717 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:06,717 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_1035552623351714522020
2020-02-14 15:53:06,717 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_1035552623351714522020 (size 0xa000)
2020-02-14 15:53:06,717 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:06,717 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:06,717 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:06,717 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:06,717 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:06,733 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_14368298983351714522020
2020-02-14 15:53:06,733 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_14368298983351714522020 (size 0x7000)
2020-02-14 15:53:06,733 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:06,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:06,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2852
2020-02-14 15:53:06,750 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:06,750 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:06,750 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:06,750 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:06,750 [root] DEBUG: Loader: Injecting process 2852 (thread 3708) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,750 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:06,750 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,750 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:06,750 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,750 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2852
2020-02-14 15:53:06,765 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2852
2020-02-14 15:53:06,765 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:06,780 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:06,780 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:06,780 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:06,780 [root] DEBUG: Loader: Injecting process 2852 (thread 3708) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,780 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:06,780 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,780 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:06,780 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,780 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2852
2020-02-14 15:53:06,780 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:06,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:06,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:06,796 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:06,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:06,796 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,796 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:06,796 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:06,890 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_5393682724351714522020
2020-02-14 15:53:06,890 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_5393682724351714522020 (size 0xa000)
2020-02-14 15:53:06,890 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:06,890 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,890 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:06,890 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:06,890 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:06,890 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:06,890 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_14681094964351714522020
2020-02-14 15:53:06,905 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_14681094964351714522020 (size 0x7000)
2020-02-14 15:53:06,905 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:06,905 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:06,921 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3956
2020-02-14 15:53:06,921 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:06,921 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:06,921 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:06,921 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:06,921 [root] DEBUG: Loader: Injecting process 3956 (thread 1464) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,921 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:06,921 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,921 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:06,921 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,921 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3956
2020-02-14 15:53:06,937 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3956
2020-02-14 15:53:06,937 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:06,937 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:06,937 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:06,953 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:06,953 [root] DEBUG: Loader: Injecting process 3956 (thread 1464) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,953 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:06,953 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,953 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:06,953 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:06,953 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3956
2020-02-14 15:53:06,953 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:06,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:06,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:06,953 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:06,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:06,953 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:06,967 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:06,967 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:08,421 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_14247987445351714522020
2020-02-14 15:53:08,437 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_14247987445351714522020 (size 0xa000)
2020-02-14 15:53:08,437 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:08,437 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:08,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:08,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:08,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:08,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:08,453 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_12875738886351714522020
2020-02-14 15:53:08,467 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_12875738886351714522020 (size 0x7000)
2020-02-14 15:53:08,467 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:08,467 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:08,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2828
2020-02-14 15:53:09,140 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:09,140 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:09,140 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:09,140 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:09,140 [root] DEBUG: Loader: Injecting process 2828 (thread 1600) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:09,140 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:09,140 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:09,140 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:09,140 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:09,140 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2828
2020-02-14 15:53:09,171 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2828
2020-02-14 15:53:09,171 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:09,171 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:09,171 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:09,171 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:09,171 [root] DEBUG: Loader: Injecting process 2828 (thread 1600) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:09,171 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:09,171 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:09,171 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:09,171 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:09,171 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2828
2020-02-14 15:53:09,171 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:09,187 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:09,187 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:09,187 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:09,187 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:09,187 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:09,187 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:09,187 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:09,765 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_16181937688351714522020
2020-02-14 15:53:09,765 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_16181937688351714522020 (size 0xa000)
2020-02-14 15:53:09,780 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:09,780 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:09,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:09,780 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:09,780 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:09,780 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:10,062 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_19842839809351714522020
2020-02-14 15:53:10,062 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_19842839809351714522020 (size 0x7000)
2020-02-14 15:53:10,062 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:10,062 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:10,078 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2224
2020-02-14 15:53:10,078 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:10,078 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:10,078 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:10,078 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:10,078 [root] DEBUG: Loader: Injecting process 2224 (thread 608) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,078 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:10,078 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,078 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:10,078 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,078 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2224
2020-02-14 15:53:10,092 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2224
2020-02-14 15:53:10,092 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:10,108 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:10,108 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:10,108 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:10,108 [root] DEBUG: Loader: Injecting process 2224 (thread 608) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,108 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:10,108 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,108 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:10,108 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,108 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2224
2020-02-14 15:53:10,108 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:10,108 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:10,108 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:10,108 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:10,125 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:10,125 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:10,125 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:10,125 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:10,453 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_52752894610351714522020
2020-02-14 15:53:10,453 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_52752894610351714522020 (size 0xa000)
2020-02-14 15:53:10,453 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:10,453 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:10,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:10,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:10,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:10,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:10,453 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_9636798810351714522020
2020-02-14 15:53:10,453 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_9636798810351714522020 (size 0x7000)
2020-02-14 15:53:10,453 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:10,453 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:10,467 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4092
2020-02-14 15:53:10,467 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:10,467 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:10,467 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:10,467 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:10,467 [root] DEBUG: Loader: Injecting process 4092 (thread 2860) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,467 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:10,467 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,467 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:10,467 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,467 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4092
2020-02-14 15:53:10,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4092
2020-02-14 15:53:10,500 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:10,500 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:10,500 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:10,500 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:10,500 [root] DEBUG: Loader: Injecting process 4092 (thread 2860) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,500 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:10,500 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,500 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:10,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4092
2020-02-14 15:53:10,500 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:10,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:10,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:10,500 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:10,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:10,500 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:10,515 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:10,515 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:10,671 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_151605668011351714522020
2020-02-14 15:53:10,671 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_151605668011351714522020 (size 0xa000)
2020-02-14 15:53:10,671 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:10,671 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:10,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:10,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:10,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:10,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:10,687 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_123182957611351714522020
2020-02-14 15:53:10,687 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_123182957611351714522020 (size 0x7000)
2020-02-14 15:53:10,687 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:10,687 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:10,703 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3000
2020-02-14 15:53:10,953 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:10,953 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:10,953 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:10,953 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:10,953 [root] DEBUG: Loader: Injecting process 3000 (thread 1500) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,953 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:10,953 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,953 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:10,953 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,953 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3000
2020-02-14 15:53:10,967 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3000
2020-02-14 15:53:10,967 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:10,967 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:10,967 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:10,967 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:10,967 [root] DEBUG: Loader: Injecting process 3000 (thread 1500) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,983 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:10,983 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,983 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:10,983 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:10,983 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3000
2020-02-14 15:53:10,983 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:10,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:10,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:10,983 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:10,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:10,983 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:10,983 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:10,983 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:11,000 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_109169032012351714522020
2020-02-14 15:53:11,000 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_109169032012351714522020 (size 0xa000)
2020-02-14 15:53:11,000 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:11,000 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:11,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:11,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:11,000 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:11,000 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:11,562 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_193176650612351714522020
2020-02-14 15:53:11,562 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_193176650612351714522020 (size 0x7000)
2020-02-14 15:53:11,562 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:11,562 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:11,578 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3436
2020-02-14 15:53:11,578 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:11,578 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:11,578 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:11,578 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:11,592 [root] DEBUG: Loader: Injecting process 3436 (thread 3240) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:11,592 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:11,592 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:11,592 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:11,592 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:11,592 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3436
2020-02-14 15:53:11,625 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3436
2020-02-14 15:53:11,625 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:11,625 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:11,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:11,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:11,640 [root] DEBUG: Loader: Injecting process 3436 (thread 3240) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:11,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:11,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:11,655 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:11,655 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:11,655 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3436
2020-02-14 15:53:11,655 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:11,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:11,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:11,655 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:11,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:11,655 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:11,655 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:11,655 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:11,655 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_111250535813351714522020
2020-02-14 15:53:11,655 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_111250535813351714522020 (size 0xa000)
2020-02-14 15:53:11,655 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:11,655 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:11,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:11,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:11,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:11,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:12,280 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_2515739813351714522020
2020-02-14 15:53:12,280 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_2515739813351714522020 (size 0x7000)
2020-02-14 15:53:12,280 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:12,280 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:12,296 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3656
2020-02-14 15:53:12,296 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:12,296 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:12,296 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:12,296 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:12,296 [root] DEBUG: Loader: Injecting process 3656 (thread 2848) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:12,296 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:12,296 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:12,296 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:12,296 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:12,296 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3656
2020-02-14 15:53:12,312 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3656
2020-02-14 15:53:12,312 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:12,312 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:12,312 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:12,342 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:12,342 [root] DEBUG: Loader: Injecting process 3656 (thread 2848) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:12,342 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:12,342 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:12,342 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:12,342 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:12,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3656
2020-02-14 15:53:12,342 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:12,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:12,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:12,342 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:12,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:12,342 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:12,342 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:12,342 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:12,717 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_59813114614351714522020
2020-02-14 15:53:12,717 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_59813114614351714522020 (size 0xa000)
2020-02-14 15:53:12,733 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:12,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:12,733 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:12,733 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:12,733 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:12,733 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:12,733 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_59663008015351714522020
2020-02-14 15:53:12,733 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_59663008015351714522020 (size 0x7000)
2020-02-14 15:53:12,733 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:12,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:12,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3744
2020-02-14 15:53:12,812 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:12,812 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:12,812 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:12,812 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:12,828 [root] DEBUG: Loader: Injecting process 3744 (thread 3676) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:12,828 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:12,828 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:12,828 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:12,828 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:12,828 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3744
2020-02-14 15:53:12,842 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3744
2020-02-14 15:53:12,842 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:12,842 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:12,842 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:12,842 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:12,842 [root] DEBUG: Loader: Injecting process 3744 (thread 3676) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:12,842 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:12,842 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:12,842 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:12,842 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:12,842 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3744
2020-02-14 15:53:12,858 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:12,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:12,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:12,858 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:12,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:12,858 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:12,858 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:12,858 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:12,858 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_161184001916351714522020
2020-02-14 15:53:12,858 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_161184001916351714522020 (size 0xa000)
2020-02-14 15:53:12,858 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:12,858 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:12,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:12,858 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:12,875 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:12,875 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:13,608 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_151663157516351714522020
2020-02-14 15:53:13,608 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_151663157516351714522020 (size 0x7000)
2020-02-14 15:53:13,608 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:13,608 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:13,625 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4064
2020-02-14 15:53:13,625 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:13,625 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:13,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:13,625 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:13,625 [root] DEBUG: Loader: Injecting process 4064 (thread 2792) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:13,625 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:13,625 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:13,625 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:13,625 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:13,625 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4064
2020-02-14 15:53:13,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4064
2020-02-14 15:53:13,655 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:13,655 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:13,655 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:13,655 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:13,655 [root] DEBUG: Loader: Injecting process 4064 (thread 2792) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:13,655 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:13,655 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:13,655 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:13,655 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:13,655 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4064
2020-02-14 15:53:13,655 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:13,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:13,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:13,655 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:13,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:13,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:13,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:13,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:13,671 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_134148136517351714522020
2020-02-14 15:53:13,671 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_134148136517351714522020 (size 0xa000)
2020-02-14 15:53:13,671 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:13,671 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:13,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:13,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:13,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:13,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:13,921 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_56632922317351714522020
2020-02-14 15:53:13,921 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_56632922317351714522020 (size 0x7000)
2020-02-14 15:53:13,921 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:13,921 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:13,937 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2256
2020-02-14 15:53:13,937 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:13,937 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:13,937 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:13,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:13,937 [root] DEBUG: Loader: Injecting process 2256 (thread 1208) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:13,937 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:13,937 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:13,937 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:13,937 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:13,937 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2256
2020-02-14 15:53:13,967 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2256
2020-02-14 15:53:13,967 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:13,967 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:13,967 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:13,967 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:13,967 [root] DEBUG: Loader: Injecting process 2256 (thread 1208) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:13,983 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:13,983 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:13,983 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:13,983 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:13,983 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2256
2020-02-14 15:53:13,983 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:13,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:13,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:13,983 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:13,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:13,983 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:13,983 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:13,983 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:14,000 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_199513266018351714522020
2020-02-14 15:53:14,000 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_199513266018351714522020 (size 0xa000)
2020-02-14 15:53:14,000 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:14,000 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:14,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:14,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:14,000 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:14,000 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:14,015 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_160629055619351714522020
2020-02-14 15:53:14,015 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_160629055619351714522020 (size 0x7000)
2020-02-14 15:53:14,015 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:14,015 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:14,030 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2468
2020-02-14 15:53:14,030 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:14,030 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:14,030 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:14,030 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:14,030 [root] DEBUG: Loader: Injecting process 2468 (thread 1516) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,030 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:14,030 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,030 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:14,030 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,030 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2468
2020-02-14 15:53:14,062 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2468
2020-02-14 15:53:14,062 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:14,062 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:14,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:14,062 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:14,062 [root] DEBUG: Loader: Injecting process 2468 (thread 1516) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,062 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:14,062 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,062 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:14,062 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,062 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2468
2020-02-14 15:53:14,062 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:14,062 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:14,062 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:14,062 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:14,062 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:14,062 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:14,062 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:14,062 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:14,296 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_149183882219351714522020
2020-02-14 15:53:14,296 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_149183882219351714522020 (size 0xa000)
2020-02-14 15:53:14,296 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:14,296 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:14,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:14,296 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:14,296 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:14,296 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:14,312 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_73296614619351714522020
2020-02-14 15:53:14,312 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_73296614619351714522020 (size 0x7000)
2020-02-14 15:53:14,312 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:14,312 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:14,328 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2732
2020-02-14 15:53:14,328 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:14,328 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:14,328 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:14,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:14,328 [root] DEBUG: Loader: Injecting process 2732 (thread 3084) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,328 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:14,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,328 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:14,328 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,328 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2732
2020-02-14 15:53:14,358 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2732
2020-02-14 15:53:14,375 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:14,375 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:14,375 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:14,375 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:14,375 [root] DEBUG: Loader: Injecting process 2732 (thread 3084) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,375 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:14,375 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,375 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:14,375 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,375 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2732
2020-02-14 15:53:14,375 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:14,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:14,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:14,375 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:14,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:14,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:14,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:14,390 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:14,390 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_139246800121351714522020
2020-02-14 15:53:14,390 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_139246800121351714522020 (size 0xa000)
2020-02-14 15:53:14,390 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:14,390 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:14,390 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:14,390 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:14,390 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:14,390 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:14,467 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_114799704021351714522020
2020-02-14 15:53:14,483 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_114799704021351714522020 (size 0x7000)
2020-02-14 15:53:14,483 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:14,483 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:14,500 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2968
2020-02-14 15:53:14,500 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:14,500 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:14,500 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:14,500 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:14,500 [root] DEBUG: Loader: Injecting process 2968 (thread 3280) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,500 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:14,500 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,500 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:14,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2968
2020-02-14 15:53:14,515 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2968
2020-02-14 15:53:14,515 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:14,515 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:14,515 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:14,530 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:14,530 [root] DEBUG: Loader: Injecting process 2968 (thread 3280) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,530 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:14,530 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,530 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:14,530 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,530 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2968
2020-02-14 15:53:14,530 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:14,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:14,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:14,530 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:14,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:14,546 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:14,546 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:14,546 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:14,546 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_9726768622351714522020
2020-02-14 15:53:14,546 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_9726768622351714522020 (size 0xa000)
2020-02-14 15:53:14,546 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:14,546 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:14,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:14,546 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:14,546 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:14,546 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:14,687 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_89231795622351714522020
2020-02-14 15:53:14,687 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_89231795622351714522020 (size 0x7000)
2020-02-14 15:53:14,687 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:14,687 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:14,703 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3448
2020-02-14 15:53:14,703 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:14,703 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:14,703 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:14,703 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:14,703 [root] DEBUG: Loader: Injecting process 3448 (thread 3624) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,703 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:14,703 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,703 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:14,703 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,717 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3448
2020-02-14 15:53:14,733 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3448
2020-02-14 15:53:14,733 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:14,733 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:14,733 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:14,750 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:14,750 [root] DEBUG: Loader: Injecting process 3448 (thread 3624) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,750 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:14,750 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,750 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:14,750 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:14,750 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3448
2020-02-14 15:53:14,750 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:14,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:14,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:14,765 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:14,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:14,765 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:14,765 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:14,765 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:15,046 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_101010839423351714522020
2020-02-14 15:53:15,046 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_101010839423351714522020 (size 0xa000)
2020-02-14 15:53:15,046 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:15,062 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:15,062 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:15,062 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:15,062 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:15,062 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:15,062 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_46331720423351714522020
2020-02-14 15:53:15,062 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_46331720423351714522020 (size 0x7000)
2020-02-14 15:53:15,062 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:15,078 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:15,092 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4004
2020-02-14 15:53:15,483 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:15,483 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:15,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:15,500 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:15,500 [root] DEBUG: Loader: Injecting process 4004 (thread 3828) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,500 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:15,500 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,500 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:15,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4004
2020-02-14 15:53:15,530 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4004
2020-02-14 15:53:15,530 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:15,530 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:15,530 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:15,530 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:15,530 [root] DEBUG: Loader: Injecting process 4004 (thread 3828) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,530 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:15,546 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,546 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:15,546 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,546 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4004
2020-02-14 15:53:15,546 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:15,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:15,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:15,546 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:15,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:15,546 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:15,546 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:15,546 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:15,546 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_6888184824351714522020
2020-02-14 15:53:15,546 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_6888184824351714522020 (size 0xa000)
2020-02-14 15:53:15,562 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:15,562 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:15,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:15,562 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:15,562 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:15,562 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:15,562 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_44821461924351714522020
2020-02-14 15:53:15,562 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_44821461924351714522020 (size 0x7000)
2020-02-14 15:53:15,562 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:15,578 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:15,592 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2028
2020-02-14 15:53:15,592 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:15,592 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:15,592 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:15,592 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:15,592 [root] DEBUG: Loader: Injecting process 2028 (thread 1204) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,592 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:15,592 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,592 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:15,592 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,592 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2028
2020-02-14 15:53:15,608 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2028
2020-02-14 15:53:15,608 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:15,608 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:15,608 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:15,625 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:15,625 [root] DEBUG: Loader: Injecting process 2028 (thread 1204) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,625 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:15,625 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,625 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:15,625 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,625 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2028
2020-02-14 15:53:15,625 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:15,625 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:15,625 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:15,625 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:15,625 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:15,640 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:15,640 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:15,640 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:15,640 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_193999521625351714522020
2020-02-14 15:53:15,640 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_193999521625351714522020 (size 0xa000)
2020-02-14 15:53:15,640 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:15,640 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:15,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:15,640 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:15,655 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:15,655 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:15,671 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_201240758425351714522020
2020-02-14 15:53:15,671 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_201240758425351714522020 (size 0x7000)
2020-02-14 15:53:15,671 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:15,671 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:15,687 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 792
2020-02-14 15:53:15,687 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:15,687 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:15,687 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:15,687 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:15,687 [root] DEBUG: Loader: Injecting process 792 (thread 2448) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,687 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:15,687 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,687 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:15,687 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,687 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 792
2020-02-14 15:53:15,703 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 792
2020-02-14 15:53:15,703 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:15,703 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:15,703 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:15,717 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:15,717 [root] DEBUG: Loader: Injecting process 792 (thread 2448) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,717 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:15,717 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,717 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:15,717 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,717 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 792
2020-02-14 15:53:15,717 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:15,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:15,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:15,717 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:15,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:15,717 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:15,717 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:15,717 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:15,733 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_71045407826351714522020
2020-02-14 15:53:15,733 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_71045407826351714522020 (size 0xa000)
2020-02-14 15:53:15,733 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:15,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:15,733 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:15,733 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:15,733 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:15,733 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:15,750 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_55795730426351714522020
2020-02-14 15:53:15,750 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_55795730426351714522020 (size 0x7000)
2020-02-14 15:53:15,750 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:15,750 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:15,765 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 940
2020-02-14 15:53:15,765 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:15,765 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:15,765 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:15,765 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:15,765 [root] DEBUG: Loader: Injecting process 940 (thread 2700) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,765 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:15,765 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,765 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:15,765 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,765 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 940
2020-02-14 15:53:15,780 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 940
2020-02-14 15:53:15,796 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:15,796 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:15,796 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:15,796 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:15,796 [root] DEBUG: Loader: Injecting process 940 (thread 2700) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,796 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:15,796 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,796 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:15,796 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,796 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 940
2020-02-14 15:53:15,796 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:15,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:15,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:15,812 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:15,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:15,812 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:15,812 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:15,812 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:15,812 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_148661569627351714522020
2020-02-14 15:53:15,812 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_148661569627351714522020 (size 0xa000)
2020-02-14 15:53:15,812 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:15,812 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:15,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:15,828 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:15,828 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:15,828 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:15,953 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_64304982827351714522020
2020-02-14 15:53:15,953 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_64304982827351714522020 (size 0x7000)
2020-02-14 15:53:15,953 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:15,953 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:15,967 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3148
2020-02-14 15:53:15,967 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:15,967 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:15,967 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:15,967 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:15,967 [root] DEBUG: Loader: Injecting process 3148 (thread 2892) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,967 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:15,967 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,967 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:15,967 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:15,967 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3148
2020-02-14 15:53:15,983 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3148
2020-02-14 15:53:16,000 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,000 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,000 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,000 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,000 [root] DEBUG: Loader: Injecting process 3148 (thread 2892) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,000 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,000 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,000 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:16,000 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,000 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3148
2020-02-14 15:53:16,015 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:16,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:16,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:16,015 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:16,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:16,015 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,015 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:16,015 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:16,015 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_39760145628351714522020
2020-02-14 15:53:16,015 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_39760145628351714522020 (size 0xa000)
2020-02-14 15:53:16,030 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:16,030 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,030 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:16,030 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:16,030 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:16,030 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:16,030 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_18731754028351714522020
2020-02-14 15:53:16,030 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_18731754028351714522020 (size 0x7000)
2020-02-14 15:53:16,030 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:16,030 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:16,046 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3568
2020-02-14 15:53:16,046 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,046 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,046 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,046 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,046 [root] DEBUG: Loader: Injecting process 3568 (thread 3456) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,046 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,046 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,046 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:16,046 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,046 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3568
2020-02-14 15:53:16,078 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3568
2020-02-14 15:53:16,078 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,078 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,078 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,078 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,078 [root] DEBUG: Loader: Injecting process 3568 (thread 3456) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,078 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,092 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,092 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:16,092 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,092 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3568
2020-02-14 15:53:16,092 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:16,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:16,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:16,092 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:16,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:16,092 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,092 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:16,092 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:16,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_26895597529351714522020
2020-02-14 15:53:16,140 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_26895597529351714522020 (size 0xa000)
2020-02-14 15:53:16,140 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:16,140 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,140 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:16,140 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:16,140 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:16,140 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:16,155 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_170081852829351714522020
2020-02-14 15:53:16,155 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_170081852829351714522020 (size 0x7000)
2020-02-14 15:53:16,155 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:16,155 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:16,171 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3572
2020-02-14 15:53:16,171 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,171 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,171 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,171 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,171 [root] DEBUG: Loader: Injecting process 3572 (thread 3788) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,171 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,171 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,171 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:16,171 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,171 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3572
2020-02-14 15:53:16,203 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3572
2020-02-14 15:53:16,203 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,203 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,203 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,203 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,217 [root] DEBUG: Loader: Injecting process 3572 (thread 3788) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,217 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,217 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,217 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:16,217 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,217 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3572
2020-02-14 15:53:16,217 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:16,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:16,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:16,217 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:16,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:16,217 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,217 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:16,217 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:16,233 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_204560776030351714522020
2020-02-14 15:53:16,233 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_204560776030351714522020 (size 0xa000)
2020-02-14 15:53:16,233 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:16,233 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,233 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:16,233 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:16,233 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:16,233 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:16,265 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_26108652830351714522020
2020-02-14 15:53:16,265 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_26108652830351714522020 (size 0x7000)
2020-02-14 15:53:16,265 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:16,265 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:16,280 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2216
2020-02-14 15:53:16,280 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,280 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,280 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,280 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,280 [root] DEBUG: Loader: Injecting process 2216 (thread 2564) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,280 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,280 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,280 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:16,280 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,280 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2216
2020-02-14 15:53:16,296 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2216
2020-02-14 15:53:16,296 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,296 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,296 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,312 [root] DEBUG: Loader: Injecting process 2216 (thread 2564) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,312 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,312 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,312 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:16,312 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,312 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2216
2020-02-14 15:53:16,312 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:16,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:16,328 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:16,328 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:16,328 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:16,328 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,328 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:16,328 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:16,328 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_67535669631351714522020
2020-02-14 15:53:16,328 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_67535669631351714522020 (size 0xa000)
2020-02-14 15:53:16,328 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:16,342 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:16,342 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:16,342 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:16,342 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:16,342 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_110243009631351714522020
2020-02-14 15:53:16,342 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_110243009631351714522020 (size 0x7000)
2020-02-14 15:53:16,342 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:16,342 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:16,390 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3600
2020-02-14 15:53:16,390 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,390 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,390 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,405 [root] DEBUG: Loader: Injecting process 3600 (thread 2172) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,405 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,405 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,405 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:16,405 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,405 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3600
2020-02-14 15:53:16,421 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3600
2020-02-14 15:53:16,421 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,421 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,421 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,421 [root] DEBUG: Loader: Injecting process 3600 (thread 2172) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,421 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,421 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,421 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:16,421 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,421 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3600
2020-02-14 15:53:16,421 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:16,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:16,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:16,437 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:16,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:16,437 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,437 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:16,437 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:16,453 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_155242064031351714522020
2020-02-14 15:53:16,453 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_155242064031351714522020 (size 0xa000)
2020-02-14 15:53:16,453 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:16,453 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:16,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:16,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:16,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:16,467 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_143584253431351714522020
2020-02-14 15:53:16,467 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_143584253431351714522020 (size 0x7000)
2020-02-14 15:53:16,467 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:16,467 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:16,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 996
2020-02-14 15:53:16,483 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,483 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,483 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,483 [root] DEBUG: Loader: Injecting process 996 (thread 3024) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,483 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,483 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,483 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:16,483 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,483 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 996
2020-02-14 15:53:16,500 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 996
2020-02-14 15:53:16,515 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,515 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,515 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,515 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,515 [root] DEBUG: Loader: Injecting process 996 (thread 3024) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,515 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,515 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,515 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:16,515 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,515 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 996
2020-02-14 15:53:16,515 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:16,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:16,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:16,515 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:16,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:16,515 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,515 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:16,515 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:16,530 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_133789044532351714522020
2020-02-14 15:53:16,530 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_133789044532351714522020 (size 0xa000)
2020-02-14 15:53:16,530 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:16,530 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:16,530 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:16,530 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:16,530 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:16,625 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_110916645232351714522020
2020-02-14 15:53:16,625 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_110916645232351714522020 (size 0x7000)
2020-02-14 15:53:16,625 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:16,625 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:16,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3432
2020-02-14 15:53:16,640 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,640 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,640 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,640 [root] DEBUG: Loader: Injecting process 3432 (thread 2904) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,640 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:16,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3432
2020-02-14 15:53:16,655 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3432
2020-02-14 15:53:16,671 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,671 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,671 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,671 [root] DEBUG: Loader: Injecting process 3432 (thread 2904) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,671 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,671 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,671 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:16,671 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3432
2020-02-14 15:53:16,671 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:16,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:16,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:16,671 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:16,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:16,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,687 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:16,687 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:16,828 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_213902076533351714522020
2020-02-14 15:53:16,828 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_213902076533351714522020 (size 0xa000)
2020-02-14 15:53:16,828 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:16,828 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:16,828 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:16,828 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:16,828 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:16,842 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_37617259233351714522020
2020-02-14 15:53:16,842 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_37617259233351714522020 (size 0x7000)
2020-02-14 15:53:16,842 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:16,842 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:16,858 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1644
2020-02-14 15:53:16,858 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,858 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,858 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,858 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,858 [root] DEBUG: Loader: Injecting process 1644 (thread 3372) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,858 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,858 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,858 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:16,858 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,858 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1644
2020-02-14 15:53:16,890 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1644
2020-02-14 15:53:16,890 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:16,890 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:16,890 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:16,890 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:16,890 [root] DEBUG: Loader: Injecting process 1644 (thread 3372) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,890 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:16,890 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,890 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:16,890 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:16,890 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1644
2020-02-14 15:53:16,890 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:16,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:16,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:16,905 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:16,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:16,905 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:16,905 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:16,905 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:17,217 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_169600344434351714522020
2020-02-14 15:53:17,217 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_169600344434351714522020 (size 0xa000)
2020-02-14 15:53:17,217 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:17,217 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:17,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:17,233 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:17,233 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:17,233 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:17,233 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_165184376035351714522020
2020-02-14 15:53:17,233 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_165184376035351714522020 (size 0x7000)
2020-02-14 15:53:17,233 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:17,233 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:17,250 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2764
2020-02-14 15:53:17,250 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:17,250 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:17,250 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:17,250 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:17,250 [root] DEBUG: Loader: Injecting process 2764 (thread 3792) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:17,250 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:17,250 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:17,250 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:17,250 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:17,250 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2764
2020-02-14 15:53:17,280 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2764
2020-02-14 15:53:17,280 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:17,280 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:17,280 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:17,280 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:17,280 [root] DEBUG: Loader: Injecting process 2764 (thread 3792) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:17,280 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:17,280 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:17,280 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:17,280 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:17,280 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2764
2020-02-14 15:53:17,280 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:17,280 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:17,280 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:17,296 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:17,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:17,296 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:17,296 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:17,296 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:17,312 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_209587284835351714522020
2020-02-14 15:53:17,312 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_209587284835351714522020 (size 0xa000)
2020-02-14 15:53:17,312 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:17,312 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:17,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:17,312 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:17,312 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:17,312 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:17,578 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_133880433635351714522020
2020-02-14 15:53:17,578 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_133880433635351714522020 (size 0x7000)
2020-02-14 15:53:17,578 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:17,578 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:17,592 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3920
2020-02-14 15:53:17,592 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:17,592 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:17,592 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:17,592 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:17,592 [root] DEBUG: Loader: Injecting process 3920 (thread 1152) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:17,592 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:17,592 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:17,592 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:17,608 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:17,608 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3920
2020-02-14 15:53:17,625 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3920
2020-02-14 15:53:17,625 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:17,625 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:17,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:17,625 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:17,625 [root] DEBUG: Loader: Injecting process 3920 (thread 1152) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:17,625 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:17,625 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:17,625 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:17,625 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:17,625 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3920
2020-02-14 15:53:17,625 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:17,625 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:17,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:17,640 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:17,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:17,640 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:17,640 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:17,640 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:17,640 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_97208117336351714522020
2020-02-14 15:53:17,640 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_97208117336351714522020 (size 0xa000)
2020-02-14 15:53:17,640 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:17,640 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:17,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:17,640 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:17,640 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:17,640 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:17,858 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_191335799536351714522020
2020-02-14 15:53:17,858 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_191335799536351714522020 (size 0x7000)
2020-02-14 15:53:17,858 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:17,858 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:17,875 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2160
2020-02-14 15:53:18,671 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:18,671 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:18,671 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:18,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:18,671 [root] DEBUG: Loader: Injecting process 2160 (thread 3288) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:18,671 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:18,687 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:18,687 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:18,687 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:18,687 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2160
2020-02-14 15:53:18,703 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2160
2020-02-14 15:53:18,703 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:18,703 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:18,703 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:18,703 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:18,703 [root] DEBUG: Loader: Injecting process 2160 (thread 3288) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:18,703 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:18,717 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:18,717 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:18,717 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:18,717 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2160
2020-02-14 15:53:18,717 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:18,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:18,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:18,717 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:18,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:18,717 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:18,717 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:18,717 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:18,733 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_167660342238351714522020
2020-02-14 15:53:18,733 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_167660342238351714522020 (size 0xa000)
2020-02-14 15:53:18,733 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:18,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:18,733 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:18,733 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:18,733 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:18,733 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:19,092 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_204338959338351714522020
2020-02-14 15:53:19,092 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_204338959338351714522020 (size 0x7000)
2020-02-14 15:53:19,108 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:19,108 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:19,125 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3152
2020-02-14 15:53:19,280 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:19,280 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:19,280 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:19,280 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:19,280 [root] DEBUG: Loader: Injecting process 3152 (thread 3132) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:19,280 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:19,296 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:19,296 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:19,296 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:19,296 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3152
2020-02-14 15:53:19,312 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3152
2020-02-14 15:53:19,312 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:19,312 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:19,312 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:19,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:19,312 [root] DEBUG: Loader: Injecting process 3152 (thread 3132) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:19,328 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:19,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:19,328 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:19,328 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:19,328 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3152
2020-02-14 15:53:19,328 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:19,328 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:19,328 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:19,328 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:19,328 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:19,328 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:19,328 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:19,328 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:19,328 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_185536432839351714522020
2020-02-14 15:53:19,328 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_185536432839351714522020 (size 0xa000)
2020-02-14 15:53:19,342 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:19,342 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:19,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:19,342 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:19,342 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:19,342 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:19,562 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_122045552840351714522020
2020-02-14 15:53:19,562 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_122045552840351714522020 (size 0x7000)
2020-02-14 15:53:19,562 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:19,562 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:19,578 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 696
2020-02-14 15:53:19,578 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:19,578 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:19,578 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:19,578 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:19,578 [root] DEBUG: Loader: Injecting process 696 (thread 1900) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:19,578 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:19,578 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:19,578 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:19,578 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:19,578 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 696
2020-02-14 15:53:19,592 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 696
2020-02-14 15:53:19,592 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:19,592 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:19,592 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:19,608 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:19,608 [root] DEBUG: Loader: Injecting process 696 (thread 1900) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:19,608 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:19,608 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:19,608 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:19,608 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:19,608 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 696
2020-02-14 15:53:19,608 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:19,608 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:19,608 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:19,608 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:19,608 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:19,608 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:19,608 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:19,608 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:19,625 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_52161307640351714522020
2020-02-14 15:53:19,625 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_52161307640351714522020 (size 0xa000)
2020-02-14 15:53:19,625 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:19,625 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:19,625 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:19,625 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:19,625 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:19,625 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:20,030 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_55857260040351714522020
2020-02-14 15:53:20,030 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_55857260040351714522020 (size 0x7000)
2020-02-14 15:53:20,030 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:20,046 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:20,062 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3924
2020-02-14 15:53:20,062 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:20,062 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:20,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:20,062 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:20,062 [root] DEBUG: Loader: Injecting process 3924 (thread 3672) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:20,062 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:20,062 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:20,062 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:20,062 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:20,062 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3924
2020-02-14 15:53:20,078 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3924
2020-02-14 15:53:20,078 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:20,078 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:20,078 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:20,092 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:20,092 [root] DEBUG: Loader: Injecting process 3924 (thread 3672) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:20,092 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:20,092 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:20,092 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:20,092 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:20,092 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3924
2020-02-14 15:53:20,092 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:20,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:20,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:20,092 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:20,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:20,092 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:20,092 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:20,092 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:20,437 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_755306442351714522020
2020-02-14 15:53:20,437 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_755306442351714522020 (size 0xa000)
2020-02-14 15:53:20,437 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:20,437 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:20,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:20,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:20,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:20,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:20,453 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_166549136842351714522020
2020-02-14 15:53:20,453 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_166549136842351714522020 (size 0x7000)
2020-02-14 15:53:20,453 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:20,453 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:20,467 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4016
2020-02-14 15:53:20,467 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:20,467 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:20,467 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:20,467 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:20,467 [root] DEBUG: Loader: Injecting process 4016 (thread 528) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:20,467 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:20,467 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:20,467 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:20,467 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:20,467 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4016
2020-02-14 15:53:20,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4016
2020-02-14 15:53:20,483 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:20,483 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:20,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:20,483 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:20,483 [root] DEBUG: Loader: Injecting process 4016 (thread 528) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:20,483 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:20,500 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:20,500 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:20,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:20,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4016
2020-02-14 15:53:20,500 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:20,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:20,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:20,500 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:20,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:20,500 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:20,500 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:20,500 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:22,375 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_179843913643351714522020
2020-02-14 15:53:22,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_179843913643351714522020 (size 0xa000)
2020-02-14 15:53:22,375 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:22,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:22,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:22,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:22,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:22,375 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:22,375 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_142750525945351714522020
2020-02-14 15:53:22,390 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_142750525945351714522020 (size 0x7000)
2020-02-14 15:53:22,390 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:22,390 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:22,405 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1220
2020-02-14 15:53:22,828 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:22,828 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:22,828 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:22,842 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:22,842 [root] DEBUG: Loader: Injecting process 1220 (thread 3768) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:22,842 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:22,842 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:22,842 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:22,842 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:22,842 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1220
2020-02-14 15:53:22,858 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1220
2020-02-14 15:53:22,858 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:22,858 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:22,858 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:22,875 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:22,875 [root] DEBUG: Loader: Injecting process 1220 (thread 3768) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:22,875 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:22,875 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:22,875 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:22,875 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:22,875 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1220
2020-02-14 15:53:22,875 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:22,875 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:22,875 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:22,875 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:22,875 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:22,875 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:22,875 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:22,875 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:22,890 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_11330745646351714522020
2020-02-14 15:53:22,890 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_11330745646351714522020 (size 0xa000)
2020-02-14 15:53:22,890 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:22,890 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:22,890 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:22,890 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:22,890 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:22,890 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:23,187 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_83354515246351714522020
2020-02-14 15:53:23,187 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_83354515246351714522020 (size 0x7000)
2020-02-14 15:53:23,187 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:23,187 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:23,203 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3164
2020-02-14 15:53:23,203 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:23,203 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:23,203 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:23,203 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:23,203 [root] DEBUG: Loader: Injecting process 3164 (thread 3248) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:23,203 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:23,203 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:23,203 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:23,203 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:23,203 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3164
2020-02-14 15:53:23,217 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3164
2020-02-14 15:53:23,217 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:23,217 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:23,217 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:23,233 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:23,233 [root] DEBUG: Loader: Injecting process 3164 (thread 3248) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:23,233 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:23,233 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:23,233 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:23,233 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:23,233 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3164
2020-02-14 15:53:23,233 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:23,233 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:23,233 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:23,233 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:23,233 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:23,233 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:23,250 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:23,250 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:23,592 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_136112808447351714522020
2020-02-14 15:53:23,592 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_136112808447351714522020 (size 0xa000)
2020-02-14 15:53:23,592 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:23,592 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:23,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:23,592 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:23,592 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:23,592 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:23,608 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_127064432848351714522020
2020-02-14 15:53:23,608 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_127064432848351714522020 (size 0x7000)
2020-02-14 15:53:23,608 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:23,608 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:23,625 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3260
2020-02-14 15:53:23,625 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:23,625 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:23,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:23,625 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:23,625 [root] DEBUG: Loader: Injecting process 3260 (thread 3876) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:23,625 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:23,625 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:23,625 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:23,625 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:23,625 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3260
2020-02-14 15:53:23,655 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3260
2020-02-14 15:53:23,655 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:23,655 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:23,655 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:23,655 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:23,655 [root] DEBUG: Loader: Injecting process 3260 (thread 3876) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:23,655 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:23,671 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:23,671 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:23,671 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:23,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3260
2020-02-14 15:53:23,671 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:23,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:23,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:23,671 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:23,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:23,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:23,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:23,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:24,000 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_8369038048351714522020
2020-02-14 15:53:24,000 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_8369038048351714522020 (size 0xa000)
2020-02-14 15:53:24,000 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:24,000 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:24,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:24,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:24,000 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:24,000 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:24,015 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_175630468949351714522020
2020-02-14 15:53:24,015 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_175630468949351714522020 (size 0x7000)
2020-02-14 15:53:24,015 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:24,015 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:24,030 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2888
2020-02-14 15:53:24,312 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:24,312 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:24,312 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:24,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:24,312 [root] DEBUG: Loader: Injecting process 2888 (thread 3536) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,312 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:24,312 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,312 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:24,328 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,328 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2888
2020-02-14 15:53:24,342 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2888
2020-02-14 15:53:24,342 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:24,342 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:24,342 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:24,342 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:24,342 [root] DEBUG: Loader: Injecting process 2888 (thread 3536) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,342 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:24,342 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,342 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:24,342 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2888
2020-02-14 15:53:24,342 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:24,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:24,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:24,358 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:24,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:24,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:24,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:24,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:24,358 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_106523994650351714522020
2020-02-14 15:53:24,358 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_106523994650351714522020 (size 0xa000)
2020-02-14 15:53:24,358 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:24,358 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:24,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:24,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:24,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:24,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:24,530 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_53474838850351714522020
2020-02-14 15:53:24,530 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_53474838850351714522020 (size 0x7000)
2020-02-14 15:53:24,530 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:24,530 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:24,546 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 712
2020-02-14 15:53:24,546 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:24,546 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:24,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:24,546 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:24,546 [root] DEBUG: Loader: Injecting process 712 (thread 2376) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,546 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:24,546 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,546 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:24,546 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,546 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 712
2020-02-14 15:53:24,562 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 712
2020-02-14 15:53:24,562 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:24,562 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:24,562 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:24,578 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:24,578 [root] DEBUG: Loader: Injecting process 712 (thread 2376) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,578 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:24,578 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,578 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:24,578 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,578 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 712
2020-02-14 15:53:24,578 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:24,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:24,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:24,578 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:24,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:24,578 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:24,592 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:24,592 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:24,592 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_97007590151351714522020
2020-02-14 15:53:24,592 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_97007590151351714522020 (size 0xa000)
2020-02-14 15:53:24,592 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:24,592 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:24,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:24,592 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:24,592 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:24,592 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:24,608 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_60171171951351714522020
2020-02-14 15:53:24,625 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_60171171951351714522020 (size 0x7000)
2020-02-14 15:53:24,625 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:24,625 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:24,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2992
2020-02-14 15:53:24,640 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:24,640 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:24,640 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:24,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:24,640 [root] DEBUG: Loader: Injecting process 2992 (thread 1632) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:24,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,640 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:24,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2992
2020-02-14 15:53:24,655 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2992
2020-02-14 15:53:24,655 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:24,655 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:24,655 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:24,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:24,671 [root] DEBUG: Loader: Injecting process 2992 (thread 1632) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,671 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:24,671 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,671 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:24,671 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2992
2020-02-14 15:53:24,671 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:24,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:24,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:24,671 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:24,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:24,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:24,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:24,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:24,687 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_143028669252351714522020
2020-02-14 15:53:24,687 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_143028669252351714522020 (size 0xa000)
2020-02-14 15:53:24,687 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:24,687 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:24,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:24,687 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:24,687 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:24,687 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:24,703 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_22332986452351714522020
2020-02-14 15:53:24,703 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_22332986452351714522020 (size 0x7000)
2020-02-14 15:53:24,703 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:24,703 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:24,717 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3076
2020-02-14 15:53:24,717 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:24,717 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:24,717 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:24,717 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:24,717 [root] DEBUG: Loader: Injecting process 3076 (thread 3232) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,717 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:24,717 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,717 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:24,717 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,717 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3076
2020-02-14 15:53:24,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3076
2020-02-14 15:53:24,750 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:24,750 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:24,750 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:24,750 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:24,750 [root] DEBUG: Loader: Injecting process 3076 (thread 3232) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,750 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:24,750 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,750 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:24,750 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,750 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3076
2020-02-14 15:53:24,765 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:24,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:24,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:24,765 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:24,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:24,765 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:24,765 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:24,765 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:24,765 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_55095951853351714522020
2020-02-14 15:53:24,765 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_55095951853351714522020 (size 0xa000)
2020-02-14 15:53:24,765 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:24,765 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:24,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:24,780 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:24,780 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:24,780 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:24,780 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_99553378853351714522020
2020-02-14 15:53:24,780 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_99553378853351714522020 (size 0x7000)
2020-02-14 15:53:24,780 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:24,780 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:24,796 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1536
2020-02-14 15:53:24,796 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:24,796 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:24,796 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:24,796 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:24,796 [root] DEBUG: Loader: Injecting process 1536 (thread 3648) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,796 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:24,796 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,796 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:24,796 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,796 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1536
2020-02-14 15:53:24,812 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1536
2020-02-14 15:53:24,812 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:24,812 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:24,812 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:24,828 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:24,828 [root] DEBUG: Loader: Injecting process 1536 (thread 3648) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,828 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:24,828 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,828 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:24,828 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:24,828 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1536
2020-02-14 15:53:24,828 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:24,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:24,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:24,828 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:24,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:24,828 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:24,828 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:24,828 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:25,078 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_109523660053351714522020
2020-02-14 15:53:25,092 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_109523660053351714522020 (size 0xa000)
2020-02-14 15:53:25,092 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:25,092 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:25,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:25,092 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:25,092 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:25,092 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:26,421 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_68793459854351714522020
2020-02-14 15:53:26,421 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_68793459854351714522020 (size 0x7000)
2020-02-14 15:53:26,421 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:26,421 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:26,437 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3916
2020-02-14 15:53:26,437 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:26,437 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:26,437 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:26,437 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:26,437 [root] DEBUG: Loader: Injecting process 3916 (thread 3596) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:26,437 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:26,437 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:26,437 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:26,437 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:26,437 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3916
2020-02-14 15:53:26,453 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3916
2020-02-14 15:53:26,467 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:26,467 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:26,467 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:26,467 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:26,467 [root] DEBUG: Loader: Injecting process 3916 (thread 3596) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:26,467 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:26,467 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:26,467 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:26,467 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:26,483 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3916
2020-02-14 15:53:26,500 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:26,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:26,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:26,500 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:26,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:26,500 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:26,500 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:26,500 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:26,750 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_69210815456351714522020
2020-02-14 15:53:26,750 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_69210815456351714522020 (size 0xa000)
2020-02-14 15:53:26,750 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:26,750 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:26,750 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:26,750 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:26,765 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:26,765 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:26,765 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_189196123456351714522020
2020-02-14 15:53:26,765 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_189196123456351714522020 (size 0x7000)
2020-02-14 15:53:26,765 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:26,765 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:26,780 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1048
2020-02-14 15:53:26,780 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:26,780 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:26,780 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:26,780 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:26,780 [root] DEBUG: Loader: Injecting process 1048 (thread 2272) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:26,780 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:26,780 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:26,780 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:26,780 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:26,780 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1048
2020-02-14 15:53:26,812 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1048
2020-02-14 15:53:26,812 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:26,812 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:26,812 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:26,812 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:26,812 [root] DEBUG: Loader: Injecting process 1048 (thread 2272) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:26,812 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:26,812 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:26,812 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:26,812 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:26,812 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1048
2020-02-14 15:53:26,812 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:26,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:26,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:26,828 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:26,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:26,828 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:26,828 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:26,828 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:27,405 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_94717455957351714522020
2020-02-14 15:53:27,405 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_94717455957351714522020 (size 0xa000)
2020-02-14 15:53:27,405 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:27,405 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:27,405 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:27,405 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:27,405 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:27,405 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:27,578 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_74275005358351714522020
2020-02-14 15:53:27,578 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_74275005358351714522020 (size 0x7000)
2020-02-14 15:53:27,578 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:27,578 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:27,592 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2428
2020-02-14 15:53:27,592 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:27,592 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:27,592 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:27,592 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:27,592 [root] DEBUG: Loader: Injecting process 2428 (thread 2524) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:27,592 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:27,592 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:27,592 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:27,592 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:27,592 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2428
2020-02-14 15:53:27,625 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2428
2020-02-14 15:53:27,625 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:27,625 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:27,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:27,625 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:27,625 [root] DEBUG: Loader: Injecting process 2428 (thread 2524) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:27,625 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:27,625 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:27,625 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:27,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:27,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2428
2020-02-14 15:53:27,640 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:27,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:27,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:27,640 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:27,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:27,640 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:27,640 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:27,640 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:27,655 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_41354560059351714522020
2020-02-14 15:53:27,655 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_41354560059351714522020 (size 0xa000)
2020-02-14 15:53:27,655 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:27,655 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:27,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:27,655 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:27,655 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:27,655 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:27,671 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_10520461659351714522020
2020-02-14 15:53:27,671 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_10520461659351714522020 (size 0x7000)
2020-02-14 15:53:27,671 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:27,671 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:27,687 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3588
2020-02-14 15:53:28,375 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:28,375 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:28,375 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:28,375 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:28,375 [root] DEBUG: Loader: Injecting process 3588 (thread 3220) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:28,375 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:28,375 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:28,375 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:28,390 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:28,390 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3588
2020-02-14 15:53:28,405 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3588
2020-02-14 15:53:28,405 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:28,405 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:28,405 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:28,421 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:28,421 [root] DEBUG: Loader: Injecting process 3588 (thread 3220) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:28,421 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:28,421 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:28,421 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:28,421 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:28,421 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3588
2020-02-14 15:53:28,421 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:28,421 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:28,421 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:28,421 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:28,421 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:28,437 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:28,437 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:28,437 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:28,453 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_6666885990361714522020
2020-02-14 15:53:28,453 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_6666885990361714522020 (size 0xa000)
2020-02-14 15:53:28,453 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:28,453 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:28,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:28,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:28,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:28,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:28,467 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_10450166550361714522020
2020-02-14 15:53:28,467 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_10450166550361714522020 (size 0x7000)
2020-02-14 15:53:28,467 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:28,467 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:28,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3992
2020-02-14 15:53:29,328 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:29,328 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:29,328 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:29,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:29,328 [root] DEBUG: Loader: Injecting process 3992 (thread 3864) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,328 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:29,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,328 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:29,328 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3992
2020-02-14 15:53:29,358 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3992
2020-02-14 15:53:29,358 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:29,358 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:29,358 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:29,358 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:29,358 [root] DEBUG: Loader: Injecting process 3992 (thread 3864) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,358 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:29,358 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,358 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:29,358 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,358 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3992
2020-02-14 15:53:29,358 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:29,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:29,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:29,358 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:29,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:29,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:29,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:29,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:29,375 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_1754426882361714522020
2020-02-14 15:53:29,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_1754426882361714522020 (size 0xa000)
2020-02-14 15:53:29,375 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:29,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:29,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:29,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:29,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:29,375 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:29,515 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_13495346482361714522020
2020-02-14 15:53:29,515 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_13495346482361714522020 (size 0x7000)
2020-02-14 15:53:29,515 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:29,515 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:29,546 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 488
2020-02-14 15:53:29,546 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:29,546 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:29,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:29,546 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:29,546 [root] DEBUG: Loader: Injecting process 488 (thread 2512) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,546 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:29,546 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,546 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:29,546 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,546 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 488
2020-02-14 15:53:29,562 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 488
2020-02-14 15:53:29,562 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:29,562 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:29,562 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:29,578 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:29,578 [root] DEBUG: Loader: Injecting process 488 (thread 2512) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,578 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:29,578 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,578 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:29,578 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,578 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 488
2020-02-14 15:53:29,578 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:29,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:29,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:29,578 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:29,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:29,578 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:29,578 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:29,578 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:29,733 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_15815691263361714522020
2020-02-14 15:53:29,733 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_15815691263361714522020 (size 0xa000)
2020-02-14 15:53:29,733 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:29,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:29,733 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:29,733 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:29,733 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:29,733 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:29,750 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_2341826943361714522020
2020-02-14 15:53:29,750 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_2341826943361714522020 (size 0x7000)
2020-02-14 15:53:29,750 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:29,750 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:29,765 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2704
2020-02-14 15:53:29,765 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:29,765 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:29,765 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:29,765 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:29,765 [root] DEBUG: Loader: Injecting process 2704 (thread 2724) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,765 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:29,765 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,765 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:29,765 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,765 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2704
2020-02-14 15:53:29,780 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2704
2020-02-14 15:53:29,780 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:29,780 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:29,780 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:29,796 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:29,796 [root] DEBUG: Loader: Injecting process 2704 (thread 2724) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,796 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:29,796 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,796 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:29,796 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:29,796 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2704
2020-02-14 15:53:29,796 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:29,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:29,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:29,796 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:29,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:29,796 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:29,796 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:29,796 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:29,812 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_15147910794361714522020
2020-02-14 15:53:29,812 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_15147910794361714522020 (size 0xa000)
2020-02-14 15:53:29,812 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:29,812 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:29,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:29,812 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:29,812 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:29,812 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:30,000 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_10314225654361714522020
2020-02-14 15:53:30,000 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_10314225654361714522020 (size 0x7000)
2020-02-14 15:53:30,000 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:30,000 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:30,015 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1460
2020-02-14 15:53:30,015 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:30,015 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:30,015 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:30,015 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:30,015 [root] DEBUG: Loader: Injecting process 1460 (thread 3028) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,015 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:30,015 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,015 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:30,015 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,015 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1460
2020-02-14 15:53:30,030 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1460
2020-02-14 15:53:30,030 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:30,030 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:30,030 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:30,046 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:30,046 [root] DEBUG: Loader: Injecting process 1460 (thread 3028) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,046 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:30,046 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,046 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:30,046 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,046 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1460
2020-02-14 15:53:30,046 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:30,046 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:30,046 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:30,046 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:30,046 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:30,046 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:30,046 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:30,046 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:30,062 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_11557445165361714522020
2020-02-14 15:53:30,062 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_11557445165361714522020 (size 0xa000)
2020-02-14 15:53:30,062 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:30,062 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:30,062 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:30,062 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:30,062 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:30,062 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:30,078 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_5228219525361714522020
2020-02-14 15:53:30,078 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_5228219525361714522020 (size 0x7000)
2020-02-14 15:53:30,078 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:30,078 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:30,092 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3880
2020-02-14 15:53:30,421 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:30,421 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:30,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:30,437 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:30,437 [root] DEBUG: Loader: Injecting process 3880 (thread 1356) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,437 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:30,437 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,437 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:30,437 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,437 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3880
2020-02-14 15:53:30,453 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3880
2020-02-14 15:53:30,453 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:30,453 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:30,453 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:30,453 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:30,453 [root] DEBUG: Loader: Injecting process 3880 (thread 1356) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,453 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:30,453 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,467 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:30,467 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,467 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3880
2020-02-14 15:53:30,467 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:30,467 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:30,467 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:30,467 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:30,467 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:30,467 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:30,467 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:30,467 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:30,483 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_9364448406361714522020
2020-02-14 15:53:30,483 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_9364448406361714522020 (size 0xa000)
2020-02-14 15:53:30,483 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:30,483 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:30,483 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:30,483 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:30,483 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:30,483 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:30,500 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_15938060346361714522020
2020-02-14 15:53:30,500 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_15938060346361714522020 (size 0x7000)
2020-02-14 15:53:30,500 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:30,500 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:30,515 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 584
2020-02-14 15:53:30,515 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:30,515 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:30,515 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:30,515 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:30,515 [root] DEBUG: Loader: Injecting process 584 (thread 2332) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,515 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:30,515 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,515 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:30,515 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,515 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 584
2020-02-14 15:53:30,546 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 584
2020-02-14 15:53:30,562 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:30,562 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:30,562 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:30,562 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:30,562 [root] DEBUG: Loader: Injecting process 584 (thread 2332) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,562 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:30,562 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,562 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:30,562 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,562 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 584
2020-02-14 15:53:30,562 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:30,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:30,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:30,562 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:30,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:30,578 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:30,578 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:30,578 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:30,592 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_15101368457361714522020
2020-02-14 15:53:30,592 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_15101368457361714522020 (size 0xa000)
2020-02-14 15:53:30,592 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:30,592 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:30,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:30,592 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:30,592 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:30,592 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:30,608 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_4989809267361714522020
2020-02-14 15:53:30,608 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_4989809267361714522020 (size 0x7000)
2020-02-14 15:53:30,608 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:30,608 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:30,625 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3016
2020-02-14 15:53:30,625 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:30,625 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:30,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:30,625 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:30,625 [root] DEBUG: Loader: Injecting process 3016 (thread 3020) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,625 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:30,625 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,625 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:30,625 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,625 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3016
2020-02-14 15:53:30,655 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3016
2020-02-14 15:53:30,655 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:30,655 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:30,655 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:30,655 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:30,655 [root] DEBUG: Loader: Injecting process 3016 (thread 3020) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,655 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:30,655 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,655 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:30,655 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:30,655 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3016
2020-02-14 15:53:30,655 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:30,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:30,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:30,655 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:30,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:30,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:30,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:30,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:30,703 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_1867289628361714522020
2020-02-14 15:53:30,717 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_1867289628361714522020 (size 0xa000)
2020-02-14 15:53:30,717 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:30,717 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:30,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:30,717 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:30,717 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:30,717 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:30,717 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_1934060478361714522020
2020-02-14 15:53:30,717 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_1934060478361714522020 (size 0x7000)
2020-02-14 15:53:30,733 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:30,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:30,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3944
2020-02-14 15:53:31,108 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,108 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,108 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,108 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,108 [root] DEBUG: Loader: Injecting process 3944 (thread 3392) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,108 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,108 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,108 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:31,108 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,125 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3944
2020-02-14 15:53:31,140 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3944
2020-02-14 15:53:31,140 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,140 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,140 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,140 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,140 [root] DEBUG: Loader: Injecting process 3944 (thread 3392) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,140 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,140 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,140 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:31,140 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,140 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3944
2020-02-14 15:53:31,140 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:31,140 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:31,140 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:31,140 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:31,155 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:31,155 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,155 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:31,155 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:31,155 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_6874656149361714522020
2020-02-14 15:53:31,155 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_6874656149361714522020 (size 0xa000)
2020-02-14 15:53:31,155 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:31,155 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,155 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:31,155 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:31,155 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:31,155 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:31,203 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_1741337789361714522020
2020-02-14 15:53:31,203 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_1741337789361714522020 (size 0x7000)
2020-02-14 15:53:31,203 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:31,203 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:31,217 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2384
2020-02-14 15:53:31,296 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,296 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,296 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,296 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,296 [root] DEBUG: Loader: Injecting process 2384 (thread 2264) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,296 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,296 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,296 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:31,296 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,312 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2384
2020-02-14 15:53:31,328 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2384
2020-02-14 15:53:31,328 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,328 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,328 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,328 [root] DEBUG: Loader: Injecting process 2384 (thread 2264) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,328 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,328 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:31,342 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2384
2020-02-14 15:53:31,342 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:31,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:31,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:31,342 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:31,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:31,342 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,342 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:31,342 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:31,342 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_33892031010361714522020
2020-02-14 15:53:31,342 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_33892031010361714522020 (size 0xa000)
2020-02-14 15:53:31,342 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:31,358 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:31,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:31,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:31,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:31,358 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_214467440110361714522020
2020-02-14 15:53:31,358 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_214467440110361714522020 (size 0x7000)
2020-02-14 15:53:31,358 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:31,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:31,390 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1196
2020-02-14 15:53:31,390 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,390 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,390 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,390 [root] DEBUG: Loader: Injecting process 1196 (thread 2036) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,390 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,390 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,390 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:31,390 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,405 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1196
2020-02-14 15:53:31,421 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1196
2020-02-14 15:53:31,421 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,421 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,421 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,421 [root] DEBUG: Loader: Injecting process 1196 (thread 2036) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,421 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,437 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,437 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:31,437 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,437 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1196
2020-02-14 15:53:31,437 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:31,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:31,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:31,437 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:31,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:31,437 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,437 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:31,437 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:31,483 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_24856628611361714522020
2020-02-14 15:53:31,483 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_24856628611361714522020 (size 0xa000)
2020-02-14 15:53:31,483 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:31,483 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,483 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:31,483 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:31,500 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:31,500 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:31,500 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_179477221411361714522020
2020-02-14 15:53:31,500 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_179477221411361714522020 (size 0x7000)
2020-02-14 15:53:31,500 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:31,500 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:31,515 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3292
2020-02-14 15:53:31,515 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,515 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,515 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,515 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,515 [root] DEBUG: Loader: Injecting process 3292 (thread 3348) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,515 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,515 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,515 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:31,515 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,515 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3292
2020-02-14 15:53:31,562 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3292
2020-02-14 15:53:31,562 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,562 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,562 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,562 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,562 [root] DEBUG: Loader: Injecting process 3292 (thread 3348) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,562 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,562 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,562 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:31,578 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,578 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3292
2020-02-14 15:53:31,578 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:31,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:31,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:31,578 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:31,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:31,578 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,578 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:31,578 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:31,592 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_102641019012361714522020
2020-02-14 15:53:31,592 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_102641019012361714522020 (size 0xa000)
2020-02-14 15:53:31,592 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:31,592 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:31,592 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:31,592 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:31,592 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:31,625 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_124228611012361714522020
2020-02-14 15:53:31,625 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_124228611012361714522020 (size 0x7000)
2020-02-14 15:53:31,625 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:31,625 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:31,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3948
2020-02-14 15:53:31,655 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,655 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,655 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,655 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,655 [root] DEBUG: Loader: Injecting process 3948 (thread 4084) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,655 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,655 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,655 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:31,655 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3948
2020-02-14 15:53:31,687 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3948
2020-02-14 15:53:31,687 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,687 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,687 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,687 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,687 [root] DEBUG: Loader: Injecting process 3948 (thread 4084) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,687 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,687 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,687 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:31,687 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,687 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3948
2020-02-14 15:53:31,703 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:31,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:31,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:31,703 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:31,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:31,703 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,703 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:31,703 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:31,717 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_30159436313361714522020
2020-02-14 15:53:31,717 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_30159436313361714522020 (size 0xa000)
2020-02-14 15:53:31,717 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:31,717 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:31,717 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:31,717 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:31,717 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:31,780 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_198750054013361714522020
2020-02-14 15:53:31,780 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_198750054013361714522020 (size 0x7000)
2020-02-14 15:53:31,796 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:31,796 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:31,812 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 552
2020-02-14 15:53:31,812 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,812 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,812 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,812 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,812 [root] DEBUG: Loader: Injecting process 552 (thread 2248) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,812 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,812 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,812 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:31,812 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,812 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 552
2020-02-14 15:53:31,842 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 552
2020-02-14 15:53:31,842 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,842 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,842 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,842 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,842 [root] DEBUG: Loader: Injecting process 552 (thread 2248) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,842 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,842 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,842 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:31,842 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,842 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 552
2020-02-14 15:53:31,842 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:31,842 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:31,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:31,858 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:31,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:31,858 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,858 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:31,858 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:31,875 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_22061550414361714522020
2020-02-14 15:53:31,875 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_22061550414361714522020 (size 0xa000)
2020-02-14 15:53:31,875 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:31,875 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,875 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:31,875 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:31,875 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:31,875 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:31,890 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_123709419914361714522020
2020-02-14 15:53:31,890 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_123709419914361714522020 (size 0x7000)
2020-02-14 15:53:31,890 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:31,890 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:31,905 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3476
2020-02-14 15:53:31,905 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,905 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,905 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,905 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,905 [root] DEBUG: Loader: Injecting process 3476 (thread 2480) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,905 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,905 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,905 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:31,905 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,905 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3476
2020-02-14 15:53:31,937 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3476
2020-02-14 15:53:31,937 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,937 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,937 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,937 [root] DEBUG: Loader: Injecting process 3476 (thread 2480) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,937 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,937 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,937 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:31,937 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,937 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3476
2020-02-14 15:53:31,937 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:31,937 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:31,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:31,953 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:31,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:31,953 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,953 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:31,953 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:31,953 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_89488054015361714522020
2020-02-14 15:53:31,953 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_89488054015361714522020 (size 0xa000)
2020-02-14 15:53:31,967 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:31,967 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:31,967 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:31,967 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:31,967 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:31,967 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:31,967 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_107081032815361714522020
2020-02-14 15:53:31,967 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_107081032815361714522020 (size 0x7000)
2020-02-14 15:53:31,967 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:31,967 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:31,983 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2776
2020-02-14 15:53:31,983 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:31,983 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:31,983 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:31,983 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:31,983 [root] DEBUG: Loader: Injecting process 2776 (thread 1232) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,983 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:31,983 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,983 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:31,983 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:31,983 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2776
2020-02-14 15:53:32,015 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2776
2020-02-14 15:53:32,015 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,015 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,015 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,015 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,015 [root] DEBUG: Loader: Injecting process 2776 (thread 1232) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,015 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,015 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,015 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:32,015 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,015 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2776
2020-02-14 15:53:32,030 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:32,030 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:32,030 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:32,030 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:32,030 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:32,030 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,030 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:32,030 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:32,030 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_55114797616361714522020
2020-02-14 15:53:32,030 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_55114797616361714522020 (size 0xa000)
2020-02-14 15:53:32,030 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:32,030 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,030 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:32,046 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:32,046 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:32,046 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:32,078 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_202695979216361714522020
2020-02-14 15:53:32,078 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_202695979216361714522020 (size 0x7000)
2020-02-14 15:53:32,078 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:32,078 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:32,092 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3396
2020-02-14 15:53:32,092 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,092 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,092 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,092 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,092 [root] DEBUG: Loader: Injecting process 3396 (thread 1308) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,092 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,092 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,092 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:32,092 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,092 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3396
2020-02-14 15:53:32,125 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3396
2020-02-14 15:53:32,125 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,125 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,125 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,125 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,125 [root] DEBUG: Loader: Injecting process 3396 (thread 1308) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,125 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,125 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,125 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:32,125 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,125 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3396
2020-02-14 15:53:32,140 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:32,140 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:32,140 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:32,140 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:32,140 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:32,140 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,140 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:32,140 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:32,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_190658140817361714522020
2020-02-14 15:53:32,140 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_190658140817361714522020 (size 0xa000)
2020-02-14 15:53:32,155 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:32,155 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,155 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:32,155 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:32,155 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:32,155 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:32,187 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_203596456717361714522020
2020-02-14 15:53:32,187 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_203596456717361714522020 (size 0x7000)
2020-02-14 15:53:32,187 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:32,203 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:32,217 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3492
2020-02-14 15:53:32,217 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,217 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,217 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,217 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,217 [root] DEBUG: Loader: Injecting process 3492 (thread 3540) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,217 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,217 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,217 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:32,217 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,217 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3492
2020-02-14 15:53:32,233 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3492
2020-02-14 15:53:32,250 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,250 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,250 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,250 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,250 [root] DEBUG: Loader: Injecting process 3492 (thread 3540) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,250 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,250 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,250 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:32,250 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,250 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3492
2020-02-14 15:53:32,250 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:32,250 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:32,250 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:32,250 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:32,250 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:32,250 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,265 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:32,265 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:32,265 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_193466338418361714522020
2020-02-14 15:53:32,265 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_193466338418361714522020 (size 0xa000)
2020-02-14 15:53:32,265 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:32,265 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,265 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:32,265 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:32,265 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:32,280 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:32,280 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_41046859618361714522020
2020-02-14 15:53:32,280 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_41046859618361714522020 (size 0x7000)
2020-02-14 15:53:32,280 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:32,280 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:32,296 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2232
2020-02-14 15:53:32,296 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,296 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,296 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,296 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,296 [root] DEBUG: Loader: Injecting process 2232 (thread 2476) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,296 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,296 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,296 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:32,296 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,296 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2232
2020-02-14 15:53:32,328 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2232
2020-02-14 15:53:32,328 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,328 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,328 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,328 [root] DEBUG: Loader: Injecting process 2232 (thread 2476) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,342 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,342 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,342 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:32,342 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2232
2020-02-14 15:53:32,342 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:32,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:32,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:32,342 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:32,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:32,342 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,342 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:32,342 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:32,375 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_169329673619361714522020
2020-02-14 15:53:32,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_169329673619361714522020 (size 0xa000)
2020-02-14 15:53:32,375 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:32,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:32,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:32,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:32,375 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:32,390 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_74275437219361714522020
2020-02-14 15:53:32,390 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_74275437219361714522020 (size 0x7000)
2020-02-14 15:53:32,390 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:32,390 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:32,405 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3124
2020-02-14 15:53:32,405 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,405 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,405 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,405 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,405 [root] DEBUG: Loader: Injecting process 3124 (thread 3304) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,405 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,421 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,421 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:32,421 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,421 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3124
2020-02-14 15:53:32,437 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3124
2020-02-14 15:53:32,437 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,437 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,437 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,437 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,437 [root] DEBUG: Loader: Injecting process 3124 (thread 3304) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,437 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,453 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,453 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:32,453 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,453 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3124
2020-02-14 15:53:32,453 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:32,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:32,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:32,453 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:32,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:32,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:32,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:32,467 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_59538074419361714522020
2020-02-14 15:53:32,467 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_59538074419361714522020 (size 0xa000)
2020-02-14 15:53:32,467 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:32,467 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,467 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:32,467 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:32,467 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:32,467 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:32,483 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_66143236819361714522020
2020-02-14 15:53:32,483 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_66143236819361714522020 (size 0x7000)
2020-02-14 15:53:32,483 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:32,483 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:32,500 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2928
2020-02-14 15:53:32,500 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,500 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,500 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,500 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,500 [root] DEBUG: Loader: Injecting process 2928 (thread 3824) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,500 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,500 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,500 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:32,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2928
2020-02-14 15:53:32,515 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2928
2020-02-14 15:53:32,515 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,515 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,515 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,530 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,530 [root] DEBUG: Loader: Injecting process 2928 (thread 3824) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,530 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,530 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,530 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:32,530 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,530 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2928
2020-02-14 15:53:32,530 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:32,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:32,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:32,530 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:32,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:32,530 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,530 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:32,530 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:32,546 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_168191325720361714522020
2020-02-14 15:53:32,546 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_168191325720361714522020 (size 0xa000)
2020-02-14 15:53:32,578 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:32,578 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:32,578 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:32,578 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:32,578 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:32,578 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_111428510420361714522020
2020-02-14 15:53:32,592 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_111428510420361714522020 (size 0x7000)
2020-02-14 15:53:32,592 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:32,592 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:32,608 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2692
2020-02-14 15:53:32,625 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,625 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,640 [root] DEBUG: Loader: Injecting process 2692 (thread 3800) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,640 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:32,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2692
2020-02-14 15:53:32,671 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2692
2020-02-14 15:53:32,671 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,671 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,671 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,671 [root] DEBUG: Loader: Injecting process 2692 (thread 3800) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,671 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,671 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,671 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:32,671 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2692
2020-02-14 15:53:32,671 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:32,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:32,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:32,671 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:32,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:32,687 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,687 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:32,687 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:32,687 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_203004733021361714522020
2020-02-14 15:53:32,687 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_203004733021361714522020 (size 0xa000)
2020-02-14 15:53:32,687 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:32,687 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:32,687 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:32,687 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:32,687 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:32,703 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_23517937921361714522020
2020-02-14 15:53:32,703 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_23517937921361714522020 (size 0x7000)
2020-02-14 15:53:32,703 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:32,703 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:32,717 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3464
2020-02-14 15:53:32,717 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,717 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,717 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,717 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,717 [root] DEBUG: Loader: Injecting process 3464 (thread 1812) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,717 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,717 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,717 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:32,717 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,717 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3464
2020-02-14 15:53:32,733 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3464
2020-02-14 15:53:32,733 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,733 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,733 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,750 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,750 [root] DEBUG: Loader: Injecting process 3464 (thread 1812) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,750 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,750 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,750 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:32,750 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,750 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3464
2020-02-14 15:53:32,750 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:32,750 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:32,750 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:32,750 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:32,750 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:32,750 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,750 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:32,750 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:32,765 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_211261332221361714522020
2020-02-14 15:53:32,765 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_211261332221361714522020 (size 0xa000)
2020-02-14 15:53:32,765 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:32,765 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:32,780 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:32,780 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:32,780 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:32,780 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_46590751221361714522020
2020-02-14 15:53:32,780 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_46590751221361714522020 (size 0x7000)
2020-02-14 15:53:32,780 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:32,780 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:32,796 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2648
2020-02-14 15:53:32,812 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,812 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,812 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,828 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,828 [root] DEBUG: Loader: Injecting process 2648 (thread 720) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,828 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,828 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,828 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:32,828 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,828 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2648
2020-02-14 15:53:32,842 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2648
2020-02-14 15:53:32,842 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,842 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,842 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,858 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,858 [root] DEBUG: Loader: Injecting process 2648 (thread 720) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,858 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,858 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,858 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:32,858 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,858 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2648
2020-02-14 15:53:32,858 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:32,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:32,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:32,858 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:32,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:32,858 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,875 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:32,875 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:32,875 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_53497101922361714522020
2020-02-14 15:53:32,875 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_53497101922361714522020 (size 0xa000)
2020-02-14 15:53:32,875 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:32,875 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,875 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:32,875 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:32,890 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:32,890 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:32,905 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_39045809822361714522020
2020-02-14 15:53:32,905 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_39045809822361714522020 (size 0x7000)
2020-02-14 15:53:32,905 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:32,905 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:32,921 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3908
2020-02-14 15:53:32,921 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,921 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,921 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,921 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,921 [root] DEBUG: Loader: Injecting process 3908 (thread 3808) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,921 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,921 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,921 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:32,921 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,921 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3908
2020-02-14 15:53:32,953 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3908
2020-02-14 15:53:32,953 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:32,953 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:32,953 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:32,953 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:32,953 [root] DEBUG: Loader: Injecting process 3908 (thread 3808) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,953 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:32,953 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,953 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:32,953 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:32,967 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3908
2020-02-14 15:53:32,967 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:32,967 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:32,967 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:32,967 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:32,967 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:32,967 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:32,967 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:32,967 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:33,000 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_77613528523361714522020
2020-02-14 15:53:33,000 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_77613528523361714522020 (size 0xa000)
2020-02-14 15:53:33,000 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:33,000 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:33,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:33,000 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:33,000 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:33,015 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_84318257323361714522020
2020-02-14 15:53:33,015 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_84318257323361714522020 (size 0x7000)
2020-02-14 15:53:33,015 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:33,015 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:33,030 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3040
2020-02-14 15:53:33,030 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,030 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,030 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,030 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,030 [root] DEBUG: Loader: Injecting process 3040 (thread 824) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,030 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,030 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,030 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:33,030 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,030 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3040
2020-02-14 15:53:33,062 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3040
2020-02-14 15:53:33,062 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,062 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,062 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,062 [root] DEBUG: Loader: Injecting process 3040 (thread 824) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,062 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,062 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,062 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:33,078 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,078 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3040
2020-02-14 15:53:33,078 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:33,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:33,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:33,078 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:33,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:33,078 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,078 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:33,078 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:33,092 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_37688577424361714522020
2020-02-14 15:53:33,092 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_37688577424361714522020 (size 0xa000)
2020-02-14 15:53:33,092 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:33,092 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:33,092 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:33,092 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:33,092 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:33,108 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_85966098424361714522020
2020-02-14 15:53:33,108 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_85966098424361714522020 (size 0x7000)
2020-02-14 15:53:33,108 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:33,108 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:33,125 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 256
2020-02-14 15:53:33,140 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,140 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,140 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,140 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,140 [root] DEBUG: Loader: Injecting process 256 (thread 3688) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,140 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,140 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,140 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:33,140 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,140 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 256
2020-02-14 15:53:33,155 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 256
2020-02-14 15:53:33,155 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,155 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,155 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,171 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,171 [root] DEBUG: Loader: Injecting process 256 (thread 3688) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,171 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,171 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,171 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:33,171 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,171 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 256
2020-02-14 15:53:33,171 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:33,171 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:33,171 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:33,171 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:33,171 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:33,171 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,171 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:33,171 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:33,187 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_95791093825361714522020
2020-02-14 15:53:33,187 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_95791093825361714522020 (size 0xa000)
2020-02-14 15:53:33,187 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:33,187 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,187 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:33,187 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:33,187 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:33,187 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:33,187 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_122902960225361714522020
2020-02-14 15:53:33,203 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_122902960225361714522020 (size 0x7000)
2020-02-14 15:53:33,203 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:33,203 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:33,217 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2416
2020-02-14 15:53:33,217 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,217 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,217 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,217 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,217 [root] DEBUG: Loader: Injecting process 2416 (thread 3556) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,217 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,217 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,217 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:33,217 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,217 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2416
2020-02-14 15:53:33,233 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2416
2020-02-14 15:53:33,233 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,233 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,233 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,250 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,250 [root] DEBUG: Loader: Injecting process 2416 (thread 3556) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,250 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,250 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,250 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:33,250 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,250 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2416
2020-02-14 15:53:33,250 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:33,250 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:33,250 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:33,250 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:33,250 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:33,250 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,250 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:33,250 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:33,265 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_164738996126361714522020
2020-02-14 15:53:33,265 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_164738996126361714522020 (size 0xa000)
2020-02-14 15:53:33,265 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:33,265 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,265 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:33,265 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:33,265 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:33,265 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:33,280 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_66491184026361714522020
2020-02-14 15:53:33,280 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_66491184026361714522020 (size 0x7000)
2020-02-14 15:53:33,280 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:33,280 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:33,296 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4048
2020-02-14 15:53:33,296 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,296 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,296 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,296 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,296 [root] DEBUG: Loader: Injecting process 4048 (thread 932) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,296 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,296 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,296 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:33,296 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,296 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4048
2020-02-14 15:53:33,328 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4048
2020-02-14 15:53:33,328 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,328 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,328 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,328 [root] DEBUG: Loader: Injecting process 4048 (thread 932) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,342 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,342 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,342 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:33,342 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4048
2020-02-14 15:53:33,342 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:33,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:33,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:33,342 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:33,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:33,342 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,342 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:33,342 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:33,358 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_172238383227361714522020
2020-02-14 15:53:33,358 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_172238383227361714522020 (size 0xa000)
2020-02-14 15:53:33,358 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:33,358 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:33,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:33,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:33,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:33,358 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_182438165627361714522020
2020-02-14 15:53:33,358 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_182438165627361714522020 (size 0x7000)
2020-02-14 15:53:33,358 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:33,358 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:33,375 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3528
2020-02-14 15:53:33,375 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,375 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,375 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,375 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,375 [root] DEBUG: Loader: Injecting process 3528 (thread 2180) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,375 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,375 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,375 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:33,375 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,375 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3528
2020-02-14 15:53:33,390 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3528
2020-02-14 15:53:33,390 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,390 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,405 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,405 [root] DEBUG: Loader: Injecting process 3528 (thread 2180) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,405 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,405 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,405 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:33,405 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,405 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3528
2020-02-14 15:53:33,405 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:33,405 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:33,405 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:33,405 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:33,405 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:33,405 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,405 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:33,421 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:33,421 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_202231872328361714522020
2020-02-14 15:53:33,421 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_202231872328361714522020 (size 0xa000)
2020-02-14 15:53:33,421 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:33,421 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,421 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:33,421 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:33,421 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:33,421 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:33,437 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_163136132928361714522020
2020-02-14 15:53:33,437 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_163136132928361714522020 (size 0x7000)
2020-02-14 15:53:33,437 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:33,437 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:33,453 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3604
2020-02-14 15:53:33,453 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,453 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,453 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,453 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,453 [root] DEBUG: Loader: Injecting process 3604 (thread 632) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,453 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,453 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,467 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:33,467 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,467 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3604
2020-02-14 15:53:33,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3604
2020-02-14 15:53:33,483 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,483 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,483 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,500 [root] DEBUG: Loader: Injecting process 3604 (thread 632) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,500 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,500 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,500 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:33,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3604
2020-02-14 15:53:33,500 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:33,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:33,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:33,500 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:33,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:33,500 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,500 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:33,500 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:33,515 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_151264944028361714522020
2020-02-14 15:53:33,515 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_151264944028361714522020 (size 0xa000)
2020-02-14 15:53:33,515 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:33,515 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:33,515 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:33,515 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:33,515 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:33,530 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_197811758128361714522020
2020-02-14 15:53:33,530 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_197811758128361714522020 (size 0x7000)
2020-02-14 15:53:33,530 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:33,530 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:33,546 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 316
2020-02-14 15:53:33,546 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,546 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,546 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,546 [root] DEBUG: Loader: Injecting process 316 (thread 100) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,546 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,546 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,546 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:33,546 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,546 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 316
2020-02-14 15:53:33,592 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 316
2020-02-14 15:53:33,608 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,608 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,608 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,608 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,608 [root] DEBUG: Loader: Injecting process 316 (thread 100) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,608 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,608 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,608 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:33,608 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,608 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 316
2020-02-14 15:53:33,608 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:33,608 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:33,608 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:33,608 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:33,608 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:33,608 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,625 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:33,625 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:33,625 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_88312614929361714522020
2020-02-14 15:53:33,625 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_88312614929361714522020 (size 0xa000)
2020-02-14 15:53:33,625 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:33,625 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,625 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:33,625 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:33,640 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:33,640 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:33,640 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_127547088029361714522020
2020-02-14 15:53:33,640 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_127547088029361714522020 (size 0x7000)
2020-02-14 15:53:33,640 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:33,640 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:33,655 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2104
2020-02-14 15:53:33,655 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,655 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,655 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,655 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,655 [root] DEBUG: Loader: Injecting process 2104 (thread 2456) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,655 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,655 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,655 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:33,655 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,655 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2104
2020-02-14 15:53:33,671 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2104
2020-02-14 15:53:33,671 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,687 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,687 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,687 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,687 [root] DEBUG: Loader: Injecting process 2104 (thread 2456) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,687 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,687 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,687 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:33,687 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,687 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2104
2020-02-14 15:53:33,687 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:33,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:33,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:33,703 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:33,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:33,703 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,703 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:33,703 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:33,703 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_55994466830361714522020
2020-02-14 15:53:33,703 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_55994466830361714522020 (size 0xa000)
2020-02-14 15:53:33,703 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:33,703 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:33,703 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:33,717 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:33,717 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:33,717 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_19792669430361714522020
2020-02-14 15:53:33,717 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_19792669430361714522020 (size 0x7000)
2020-02-14 15:53:33,717 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:33,717 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:33,733 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3884
2020-02-14 15:53:33,733 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,733 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,733 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,733 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,733 [root] DEBUG: Loader: Injecting process 3884 (thread 3816) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,733 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,733 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,733 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:33,733 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,733 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3884
2020-02-14 15:53:33,765 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3884
2020-02-14 15:53:33,765 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,765 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,765 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,780 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,780 [root] DEBUG: Loader: Injecting process 3884 (thread 3816) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,780 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,780 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,780 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:33,780 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,780 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3884
2020-02-14 15:53:33,780 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:33,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:33,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:33,780 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:33,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:33,780 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,796 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:33,796 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:33,796 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_74441596431361714522020
2020-02-14 15:53:33,796 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_74441596431361714522020 (size 0xa000)
2020-02-14 15:53:33,796 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:33,796 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:33,796 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:33,796 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:33,796 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:33,812 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_130090993631361714522020
2020-02-14 15:53:33,812 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_130090993631361714522020 (size 0x7000)
2020-02-14 15:53:33,812 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:33,812 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:33,828 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3404
2020-02-14 15:53:33,828 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,828 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,828 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,828 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,828 [root] DEBUG: Loader: Injecting process 3404 (thread 2140) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,828 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,828 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,828 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:33,828 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,828 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3404
2020-02-14 15:53:33,858 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3404
2020-02-14 15:53:33,858 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,858 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,858 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,858 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,858 [root] DEBUG: Loader: Injecting process 3404 (thread 2140) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,858 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,858 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,858 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:33,858 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,858 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3404
2020-02-14 15:53:33,858 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:33,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:33,875 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:33,875 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:33,875 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:33,875 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,875 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:33,875 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:33,905 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_109302853832361714522020
2020-02-14 15:53:33,905 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_109302853832361714522020 (size 0xa000)
2020-02-14 15:53:33,905 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:33,905 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:33,905 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:33,905 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:33,905 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:33,921 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_49455384532361714522020
2020-02-14 15:53:33,921 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_49455384532361714522020 (size 0x7000)
2020-02-14 15:53:33,921 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:33,921 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:33,937 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1676
2020-02-14 15:53:33,937 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,937 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,937 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,937 [root] DEBUG: Loader: Injecting process 1676 (thread 2096) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,937 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,937 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,937 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:33,937 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,937 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1676
2020-02-14 15:53:33,967 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1676
2020-02-14 15:53:33,967 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:33,967 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:33,967 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:33,967 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:33,967 [root] DEBUG: Loader: Injecting process 1676 (thread 2096) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,967 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:33,967 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,967 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:33,967 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:33,967 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1676
2020-02-14 15:53:33,983 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:33,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:33,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:33,983 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:33,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:33,983 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:33,983 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:33,983 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:34,000 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_57724149433361714522020
2020-02-14 15:53:34,000 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_57724149433361714522020 (size 0xa000)
2020-02-14 15:53:34,000 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:34,000 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:34,015 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:34,015 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:34,015 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:34,015 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_184284678633361714522020
2020-02-14 15:53:34,015 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_184284678633361714522020 (size 0x7000)
2020-02-14 15:53:34,015 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:34,015 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:34,030 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2688
2020-02-14 15:53:34,030 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,030 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,030 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,030 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,030 [root] DEBUG: Loader: Injecting process 2688 (thread 1652) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,030 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,030 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,030 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:34,030 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,030 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2688
2020-02-14 15:53:34,062 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2688
2020-02-14 15:53:34,062 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,062 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,062 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,062 [root] DEBUG: Loader: Injecting process 2688 (thread 1652) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,062 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,062 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,062 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:34,062 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,062 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2688
2020-02-14 15:53:34,062 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:34,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:34,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:34,078 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:34,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:34,078 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,078 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:34,078 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:34,078 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_147663372434361714522020
2020-02-14 15:53:34,092 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_147663372434361714522020 (size 0xa000)
2020-02-14 15:53:34,092 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:34,092 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:34,092 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:34,092 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:34,092 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:34,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_110359215334361714522020
2020-02-14 15:53:34,140 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_110359215334361714522020 (size 0x7000)
2020-02-14 15:53:34,140 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:34,140 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:34,155 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2312
2020-02-14 15:53:34,155 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,155 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,155 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,155 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,155 [root] DEBUG: Loader: Injecting process 2312 (thread 2228) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,155 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,155 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,155 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:34,171 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,171 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2312
2020-02-14 15:53:34,187 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2312
2020-02-14 15:53:34,187 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,187 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,187 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,203 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,203 [root] DEBUG: Loader: Injecting process 2312 (thread 2228) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,203 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,203 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,203 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:34,203 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,203 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2312
2020-02-14 15:53:34,203 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:34,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:34,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:34,203 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:34,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:34,217 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,217 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:34,217 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:34,217 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_16722867734361714522020
2020-02-14 15:53:34,217 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_16722867734361714522020 (size 0xa000)
2020-02-14 15:53:34,217 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:34,217 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:34,217 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:34,233 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:34,233 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:34,233 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_213176665834361714522020
2020-02-14 15:53:34,233 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_213176665834361714522020 (size 0x7000)
2020-02-14 15:53:34,233 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:34,233 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:34,250 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1028
2020-02-14 15:53:34,250 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,250 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,250 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,250 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,250 [root] DEBUG: Loader: Injecting process 1028 (thread 1328) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,250 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,250 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,250 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:34,250 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,250 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1028
2020-02-14 15:53:34,280 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1028
2020-02-14 15:53:34,280 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,280 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,280 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,280 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,280 [root] DEBUG: Loader: Injecting process 1028 (thread 1328) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,280 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,280 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,280 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:34,280 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,280 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1028
2020-02-14 15:53:34,296 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:34,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:34,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:34,296 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:34,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:34,296 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,296 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:34,296 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:34,296 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_8920867835361714522020
2020-02-14 15:53:34,296 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_8920867835361714522020 (size 0xa000)
2020-02-14 15:53:34,296 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:34,296 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:34,296 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:34,312 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:34,312 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:34,312 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_63496210035361714522020
2020-02-14 15:53:34,312 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_63496210035361714522020 (size 0x7000)
2020-02-14 15:53:34,312 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:34,312 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:34,328 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1200
2020-02-14 15:53:34,328 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,328 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,328 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,328 [root] DEBUG: Loader: Injecting process 1200 (thread 1904) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,328 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,328 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:34,328 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,328 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1200
2020-02-14 15:53:34,342 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 1200
2020-02-14 15:53:34,342 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,342 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,342 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,358 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,358 [root] DEBUG: Loader: Injecting process 1200 (thread 1904) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,358 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,358 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,358 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:34,358 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,358 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1200
2020-02-14 15:53:34,358 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:34,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:34,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:34,358 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:34,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:34,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:34,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:34,375 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_25497124336361714522020
2020-02-14 15:53:34,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_25497124336361714522020 (size 0xa000)
2020-02-14 15:53:34,375 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:34,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:34,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:34,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:34,375 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:34,390 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_131832903436361714522020
2020-02-14 15:53:34,390 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_131832903436361714522020 (size 0x7000)
2020-02-14 15:53:34,390 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:34,390 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:34,405 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2932
2020-02-14 15:53:34,405 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,405 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,405 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,405 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,405 [root] DEBUG: Loader: Injecting process 2932 (thread 2660) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,405 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,405 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,405 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:34,405 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,405 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2932
2020-02-14 15:53:34,437 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2932
2020-02-14 15:53:34,437 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,437 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,437 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,437 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,437 [root] DEBUG: Loader: Injecting process 2932 (thread 2660) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,437 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,437 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,437 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:34,437 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,437 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2932
2020-02-14 15:53:34,437 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:34,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:34,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:34,437 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:34,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:34,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:34,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:34,453 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_119679002437361714522020
2020-02-14 15:53:34,453 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_119679002437361714522020 (size 0xa000)
2020-02-14 15:53:34,453 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:34,453 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:34,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:34,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:34,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:34,467 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_37451238037361714522020
2020-02-14 15:53:34,467 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_37451238037361714522020 (size 0x7000)
2020-02-14 15:53:34,467 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:34,467 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:34,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3044
2020-02-14 15:53:34,483 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,483 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,483 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,483 [root] DEBUG: Loader: Injecting process 3044 (thread 1136) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,483 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,483 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,483 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:34,483 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,483 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3044
2020-02-14 15:53:34,515 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 3044
2020-02-14 15:53:34,515 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,515 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,515 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,515 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,515 [root] DEBUG: Loader: Injecting process 3044 (thread 1136) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,515 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,515 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,515 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:34,530 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,530 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3044
2020-02-14 15:53:34,530 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:34,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:34,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:34,530 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:34,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:34,530 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,530 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:34,530 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:34,546 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_153440682038361714522020
2020-02-14 15:53:34,546 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_153440682038361714522020 (size 0xa000)
2020-02-14 15:53:34,546 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:34,546 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:34,546 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:34,546 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:34,546 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:34,562 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_117526645638361714522020
2020-02-14 15:53:34,562 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_117526645638361714522020 (size 0x7000)
2020-02-14 15:53:34,562 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:34,562 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:34,578 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2708
2020-02-14 15:53:34,578 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,578 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,578 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,578 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,578 [root] DEBUG: Loader: Injecting process 2708 (thread 2168) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,578 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,578 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,578 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:34,578 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,578 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2708
2020-02-14 15:53:34,625 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 2708
2020-02-14 15:53:34,625 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,625 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,625 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,625 [root] DEBUG: Loader: Injecting process 2708 (thread 2168) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,625 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,640 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:34,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2708
2020-02-14 15:53:34,640 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:34,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:34,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:34,640 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:34,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:34,640 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,640 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:34,640 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:34,655 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_11343987039361714522020
2020-02-14 15:53:34,655 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_11343987039361714522020 (size 0xa000)
2020-02-14 15:53:34,655 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:34,655 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:34,655 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:34,655 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:34,655 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:34,671 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_50215843239361714522020
2020-02-14 15:53:34,671 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_50215843239361714522020 (size 0x7000)
2020-02-14 15:53:34,671 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:34,671 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:34,687 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4248
2020-02-14 15:53:34,687 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,687 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,687 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,687 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,687 [root] DEBUG: Loader: Injecting process 4248 (thread 4252) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,687 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,687 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,687 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:34,687 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,687 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4248
2020-02-14 15:53:34,717 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4248
2020-02-14 15:53:34,717 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,717 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,717 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,717 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,717 [root] DEBUG: Loader: Injecting process 4248 (thread 4252) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,717 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,717 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,717 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:34,733 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,733 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4248
2020-02-14 15:53:34,733 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:34,733 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:34,733 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:34,733 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:34,733 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:34,733 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,733 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:34,733 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:34,750 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_89319815140361714522020
2020-02-14 15:53:34,750 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_89319815140361714522020 (size 0xa000)
2020-02-14 15:53:34,750 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:34,750 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,750 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:34,750 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:34,750 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:34,750 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:34,842 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_31695344240361714522020
2020-02-14 15:53:34,842 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_31695344240361714522020 (size 0x7000)
2020-02-14 15:53:34,842 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:34,842 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:34,875 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4428
2020-02-14 15:53:34,875 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,875 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,875 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,875 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,875 [root] DEBUG: Loader: Injecting process 4428 (thread 4432) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,875 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,875 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,875 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:34,875 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,890 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4428
2020-02-14 15:53:34,890 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4428
2020-02-14 15:53:34,905 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:34,905 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:34,905 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:34,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:34,937 [root] DEBUG: Loader: Injecting process 4428 (thread 4432) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,937 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:34,937 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,937 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:34,937 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:34,937 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4428
2020-02-14 15:53:34,937 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:34,937 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:34,937 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:34,937 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:34,937 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:34,937 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,937 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:34,953 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:34,953 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_105513267341361714522020
2020-02-14 15:53:34,953 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_105513267341361714522020 (size 0xa000)
2020-02-14 15:53:34,953 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:34,953 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:34,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:34,953 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:34,967 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:34,967 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:35,000 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_116620084841361714522020
2020-02-14 15:53:35,000 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_116620084841361714522020 (size 0x7000)
2020-02-14 15:53:35,000 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:35,015 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:35,030 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4604
2020-02-14 15:53:35,030 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,030 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,030 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,030 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,030 [root] DEBUG: Loader: Injecting process 4604 (thread 4608) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,030 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,030 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,030 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:35,030 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,030 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4604
2020-02-14 15:53:35,046 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4604
2020-02-14 15:53:35,062 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,062 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,062 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,062 [root] DEBUG: Loader: Injecting process 4604 (thread 4608) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,062 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,062 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,062 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:35,062 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,062 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4604
2020-02-14 15:53:35,062 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:35,062 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:35,062 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:35,062 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:35,062 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:35,062 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,062 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:35,062 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:35,092 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_128206036742361714522020
2020-02-14 15:53:35,092 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_128206036742361714522020 (size 0xa000)
2020-02-14 15:53:35,092 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:35,092 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:35,092 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:35,092 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:35,092 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:35,108 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_175637041042361714522020
2020-02-14 15:53:35,108 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_175637041042361714522020 (size 0x7000)
2020-02-14 15:53:35,108 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:35,108 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:35,125 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4780
2020-02-14 15:53:35,125 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,125 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,125 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,125 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,140 [root] DEBUG: Loader: Injecting process 4780 (thread 4784) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,140 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,140 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,140 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:35,140 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,140 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4780
2020-02-14 15:53:35,155 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4780
2020-02-14 15:53:35,155 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,155 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,155 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,171 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,171 [root] DEBUG: Loader: Injecting process 4780 (thread 4784) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,171 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,171 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,171 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:35,171 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,171 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4780
2020-02-14 15:53:35,171 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:35,171 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:35,171 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:35,171 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:35,171 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:35,171 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,171 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:35,171 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:35,187 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_51835088843361714522020
2020-02-14 15:53:35,187 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_51835088843361714522020 (size 0xa000)
2020-02-14 15:53:35,187 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:35,187 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,187 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:35,187 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:35,187 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:35,187 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:35,203 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_125162001543361714522020
2020-02-14 15:53:35,203 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_125162001543361714522020 (size 0x7000)
2020-02-14 15:53:35,203 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:35,203 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:35,217 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4956
2020-02-14 15:53:35,217 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,217 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,217 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,217 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,217 [root] DEBUG: Loader: Injecting process 4956 (thread 4960) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,217 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,217 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,217 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:35,217 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,217 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4956
2020-02-14 15:53:35,250 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4956
2020-02-14 15:53:35,250 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,250 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,250 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,250 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,250 [root] DEBUG: Loader: Injecting process 4956 (thread 4960) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,250 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,250 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,265 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:35,265 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,265 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4956
2020-02-14 15:53:35,265 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:35,265 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:35,265 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:35,265 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:35,265 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:35,265 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,265 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:35,265 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:35,265 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_142322908444361714522020
2020-02-14 15:53:35,280 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_142322908444361714522020 (size 0xa000)
2020-02-14 15:53:35,280 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:35,280 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,280 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:35,280 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:35,280 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:35,280 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:35,280 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_38733615544361714522020
2020-02-14 15:53:35,280 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_38733615544361714522020 (size 0x7000)
2020-02-14 15:53:35,280 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:35,296 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:35,312 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5148
2020-02-14 15:53:35,312 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,312 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,312 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,328 [root] DEBUG: Loader: Injecting process 5148 (thread 5152) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,328 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,328 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:35,328 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,328 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5148
2020-02-14 15:53:35,342 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5148
2020-02-14 15:53:35,342 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,342 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,342 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,342 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,342 [root] DEBUG: Loader: Injecting process 5148 (thread 5152) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,342 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,342 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,342 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:35,342 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5148
2020-02-14 15:53:35,342 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:35,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:35,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:35,358 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:35,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:35,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:35,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:35,358 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_209640447244361714522020
2020-02-14 15:53:35,358 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_209640447244361714522020 (size 0xa000)
2020-02-14 15:53:35,358 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:35,358 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:35,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:35,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:35,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:35,375 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_110675747244361714522020
2020-02-14 15:53:35,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_110675747244361714522020 (size 0x7000)
2020-02-14 15:53:35,375 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:35,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:35,390 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5324
2020-02-14 15:53:35,390 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,390 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,390 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,390 [root] DEBUG: Loader: Injecting process 5324 (thread 5328) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,390 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,390 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,390 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:35,390 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,390 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5324
2020-02-14 15:53:35,421 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5324
2020-02-14 15:53:35,421 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,421 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,421 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,421 [root] DEBUG: Loader: Injecting process 5324 (thread 5328) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,421 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,421 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,421 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:35,421 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,421 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5324
2020-02-14 15:53:35,437 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:35,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:35,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:35,437 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:35,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:35,437 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,437 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:35,437 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:35,453 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_109195268045361714522020
2020-02-14 15:53:35,453 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_109195268045361714522020 (size 0xa000)
2020-02-14 15:53:35,453 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:35,453 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:35,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:35,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:35,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:35,483 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_45331245245361714522020
2020-02-14 15:53:35,483 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_45331245245361714522020 (size 0x7000)
2020-02-14 15:53:35,483 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:35,483 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:35,500 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5500
2020-02-14 15:53:35,500 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,500 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,500 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,500 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,500 [root] DEBUG: Loader: Injecting process 5500 (thread 5504) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,500 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,500 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,500 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:35,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5500
2020-02-14 15:53:35,515 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5500
2020-02-14 15:53:35,515 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,530 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,530 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,530 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,530 [root] DEBUG: Loader: Injecting process 5500 (thread 5504) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,530 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,530 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,530 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:35,530 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,530 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5500
2020-02-14 15:53:35,530 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:35,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:35,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:35,530 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:35,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:35,546 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,546 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:35,546 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:35,578 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_102444205646361714522020
2020-02-14 15:53:35,578 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_102444205646361714522020 (size 0xa000)
2020-02-14 15:53:35,578 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:35,578 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:35,578 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:35,578 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:35,578 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:35,592 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_32029946446361714522020
2020-02-14 15:53:35,592 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_32029946446361714522020 (size 0x7000)
2020-02-14 15:53:35,592 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:35,592 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:35,608 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5676
2020-02-14 15:53:35,640 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,640 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,640 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,640 [root] DEBUG: Loader: Injecting process 5676 (thread 5680) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,640 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:35,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5676
2020-02-14 15:53:35,655 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5676
2020-02-14 15:53:35,655 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,655 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,655 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,671 [root] DEBUG: Loader: Injecting process 5676 (thread 5680) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,671 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,671 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,671 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:35,671 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5676
2020-02-14 15:53:35,671 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:35,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:35,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:35,671 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:35,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:35,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:35,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:35,937 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_147567905447361714522020
2020-02-14 15:53:35,937 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_147567905447361714522020 (size 0xa000)
2020-02-14 15:53:35,937 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:35,937 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:35,937 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:35,937 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:35,953 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:35,953 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:35,953 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_196903103447361714522020
2020-02-14 15:53:35,953 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_196903103447361714522020 (size 0x7000)
2020-02-14 15:53:35,953 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:35,953 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:35,967 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5852
2020-02-14 15:53:35,967 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:35,967 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:35,967 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:35,967 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:35,967 [root] DEBUG: Loader: Injecting process 5852 (thread 5856) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,967 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:35,967 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,967 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:35,967 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:35,967 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5852
2020-02-14 15:53:35,983 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5852
2020-02-14 15:53:35,983 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:36,000 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:36,000 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:36,000 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:36,000 [root] DEBUG: Loader: Injecting process 5852 (thread 5856) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,000 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:36,000 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,000 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:36,000 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,000 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5852
2020-02-14 15:53:36,000 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:36,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:36,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:36,000 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:36,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:36,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:36,000 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:36,000 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:36,250 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_140523428048361714522020
2020-02-14 15:53:36,250 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_140523428048361714522020 (size 0xa000)
2020-02-14 15:53:36,250 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:36,250 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:36,250 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:36,250 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:36,250 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:36,250 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:36,265 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_176189028548361714522020
2020-02-14 15:53:36,265 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_176189028548361714522020 (size 0x7000)
2020-02-14 15:53:36,265 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:36,265 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:36,280 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6028
2020-02-14 15:53:36,296 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:36,296 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:36,312 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:36,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:36,312 [root] DEBUG: Loader: Injecting process 6028 (thread 6032) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,312 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:36,312 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,312 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:36,312 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,312 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6028
2020-02-14 15:53:36,342 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6028
2020-02-14 15:53:36,342 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:36,342 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:36,342 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:36,342 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:36,342 [root] DEBUG: Loader: Injecting process 6028 (thread 6032) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,342 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:36,342 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,342 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:36,342 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6028
2020-02-14 15:53:36,342 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:36,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:36,342 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:36,342 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:36,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:36,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:36,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:36,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:36,358 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_55642544749361714522020
2020-02-14 15:53:36,358 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_55642544749361714522020 (size 0xa000)
2020-02-14 15:53:36,375 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:36,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:36,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:36,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:36,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:36,375 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:36,500 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_125473135249361714522020
2020-02-14 15:53:36,500 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_125473135249361714522020 (size 0x7000)
2020-02-14 15:53:36,500 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:36,500 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:36,515 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4164
2020-02-14 15:53:36,515 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:36,515 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:36,515 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:36,515 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:36,515 [root] DEBUG: Loader: Injecting process 4164 (thread 4168) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,515 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:36,515 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,515 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:36,515 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,530 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4164
2020-02-14 15:53:36,546 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4164
2020-02-14 15:53:36,546 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:36,546 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:36,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:36,546 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:36,546 [root] DEBUG: Loader: Injecting process 4164 (thread 4168) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,546 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:36,546 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,546 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:36,546 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,546 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4164
2020-02-14 15:53:36,562 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:36,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:36,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:36,562 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:36,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:36,562 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:36,562 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:36,562 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:36,562 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_62173216850361714522020
2020-02-14 15:53:36,562 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_62173216850361714522020 (size 0xa000)
2020-02-14 15:53:36,562 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:36,578 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:36,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:36,578 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:36,578 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:36,578 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:36,578 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_62420809650361714522020
2020-02-14 15:53:36,578 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_62420809650361714522020 (size 0x7000)
2020-02-14 15:53:36,578 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:36,578 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:36,608 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4356
2020-02-14 15:53:36,608 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:36,608 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:36,608 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:36,608 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:36,608 [root] DEBUG: Loader: Injecting process 4356 (thread 4360) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,608 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:36,608 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,608 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:36,608 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,608 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4356
2020-02-14 15:53:36,655 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4356
2020-02-14 15:53:36,655 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:36,655 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:36,655 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:36,655 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:36,655 [root] DEBUG: Loader: Injecting process 4356 (thread 4360) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,655 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:36,655 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,655 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:36,655 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:36,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4356
2020-02-14 15:53:36,671 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:36,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:36,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:36,671 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:36,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:36,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:36,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:36,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:37,375 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_186551177450361714522020
2020-02-14 15:53:37,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_186551177450361714522020 (size 0xa000)
2020-02-14 15:53:37,375 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:37,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:37,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:37,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:37,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:37,375 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:37,437 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_27069004351361714522020
2020-02-14 15:53:37,437 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_27069004351361714522020 (size 0x7000)
2020-02-14 15:53:37,437 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:37,437 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:37,453 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4552
2020-02-14 15:53:37,515 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:37,515 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:37,515 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:37,515 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:37,530 [root] DEBUG: Loader: Injecting process 4552 (thread 4556) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,530 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:37,530 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,530 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:37,530 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,530 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4552
2020-02-14 15:53:37,546 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4552
2020-02-14 15:53:37,562 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:37,562 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:37,562 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:37,562 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:37,562 [root] DEBUG: Loader: Injecting process 4552 (thread 4556) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,562 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:37,562 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,562 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:37,562 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,562 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4552
2020-02-14 15:53:37,562 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:37,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:37,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:37,562 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:37,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:37,562 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:37,578 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:37,578 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:37,578 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_49822485052361714522020
2020-02-14 15:53:37,578 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_49822485052361714522020 (size 0xa000)
2020-02-14 15:53:37,578 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:37,578 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:37,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:37,578 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:37,578 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:37,578 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:37,592 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_24839524552361714522020
2020-02-14 15:53:37,592 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_24839524552361714522020 (size 0x7000)
2020-02-14 15:53:37,592 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:37,592 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:37,608 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4744
2020-02-14 15:53:37,608 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:37,608 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:37,608 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:37,608 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:37,608 [root] DEBUG: Loader: Injecting process 4744 (thread 4748) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,608 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:37,608 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,608 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:37,608 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,625 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4744
2020-02-14 15:53:37,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4744
2020-02-14 15:53:37,640 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:37,640 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:37,640 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:37,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:37,640 [root] DEBUG: Loader: Injecting process 4744 (thread 4748) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:37,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,640 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:37,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,655 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4744
2020-02-14 15:53:37,671 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:37,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:37,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:37,671 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:37,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:37,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:37,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:37,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:37,765 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_56915750453361714522020
2020-02-14 15:53:37,765 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_56915750453361714522020 (size 0xa000)
2020-02-14 15:53:37,765 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:37,765 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:37,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:37,765 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:37,765 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:37,765 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:37,765 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_12645430053361714522020
2020-02-14 15:53:37,765 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_12645430053361714522020 (size 0x7000)
2020-02-14 15:53:37,765 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:37,765 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:37,796 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4984
2020-02-14 15:53:37,875 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:37,875 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:37,875 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:37,875 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:37,875 [root] DEBUG: Loader: Injecting process 4984 (thread 4988) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,875 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:37,875 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,875 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:37,875 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,890 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4984
2020-02-14 15:53:37,905 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4984
2020-02-14 15:53:37,905 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:37,905 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:37,905 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:37,905 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:37,905 [root] DEBUG: Loader: Injecting process 4984 (thread 4988) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,905 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:37,905 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,905 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:37,905 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,905 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4984
2020-02-14 15:53:37,921 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:37,921 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:37,921 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:37,921 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:37,921 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:37,921 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:37,921 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:37,921 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:37,921 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_170790546754361714522020
2020-02-14 15:53:37,921 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_170790546754361714522020 (size 0xa000)
2020-02-14 15:53:37,921 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:37,937 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:37,937 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:37,937 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:37,937 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:37,937 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:37,937 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_203559517354361714522020
2020-02-14 15:53:37,937 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_203559517354361714522020 (size 0x7000)
2020-02-14 15:53:37,937 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:37,937 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:37,953 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5220
2020-02-14 15:53:37,953 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:37,953 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:37,953 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:37,953 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:37,953 [root] DEBUG: Loader: Injecting process 5220 (thread 5224) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,953 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:37,953 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,953 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:37,953 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,953 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5220
2020-02-14 15:53:37,967 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5220
2020-02-14 15:53:37,967 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:37,967 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:37,967 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:37,967 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:37,983 [root] DEBUG: Loader: Injecting process 5220 (thread 5224) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,983 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:37,983 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,983 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:37,983 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:37,983 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5220
2020-02-14 15:53:37,983 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:37,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:37,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:37,983 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:37,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:37,983 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:37,983 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:37,983 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:38,000 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_197536209655361714522020
2020-02-14 15:53:38,000 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_197536209655361714522020 (size 0xa000)
2020-02-14 15:53:38,000 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:38,000 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:38,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:38,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:38,000 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:38,000 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:38,000 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_46158872855361714522020
2020-02-14 15:53:38,015 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_46158872855361714522020 (size 0x7000)
2020-02-14 15:53:38,015 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:38,015 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:38,030 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5388
2020-02-14 15:53:38,030 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:38,030 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:38,030 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:38,030 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:38,030 [root] DEBUG: Loader: Injecting process 5388 (thread 5376) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,030 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:38,030 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,030 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:38,030 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,046 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5388
2020-02-14 15:53:38,062 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5388
2020-02-14 15:53:38,062 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:38,062 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:38,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:38,062 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:38,062 [root] DEBUG: Loader: Injecting process 5388 (thread 5376) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,062 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:38,062 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,062 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:38,062 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,062 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5388
2020-02-14 15:53:38,078 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:38,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:38,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:38,078 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:38,078 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:38,078 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:38,078 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:38,078 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:38,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_160010036456361714522020
2020-02-14 15:53:38,140 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_160010036456361714522020 (size 0xa000)
2020-02-14 15:53:38,155 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:38,155 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:38,155 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:38,155 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:38,155 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:38,155 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:38,155 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_53246244856361714522020
2020-02-14 15:53:38,155 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_53246244856361714522020 (size 0x7000)
2020-02-14 15:53:38,155 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:38,171 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:38,187 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5592
2020-02-14 15:53:38,187 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:38,187 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:38,187 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:38,187 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:38,187 [root] DEBUG: Loader: Injecting process 5592 (thread 5596) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,187 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:38,187 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,187 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:38,187 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,187 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5592
2020-02-14 15:53:38,217 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5592
2020-02-14 15:53:38,217 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:38,217 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:38,217 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:38,217 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:38,217 [root] DEBUG: Loader: Injecting process 5592 (thread 5596) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,217 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:38,233 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,233 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:38,233 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,233 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5592
2020-02-14 15:53:38,233 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:38,233 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:38,233 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:38,233 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:38,233 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:38,233 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:38,233 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:38,233 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:38,250 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_78283075956361714522020
2020-02-14 15:53:38,250 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_78283075956361714522020 (size 0xa000)
2020-02-14 15:53:38,250 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:38,250 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:38,250 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:38,250 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:38,250 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:38,250 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:38,265 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_878729356361714522020
2020-02-14 15:53:38,265 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_878729356361714522020 (size 0x7000)
2020-02-14 15:53:38,265 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:38,265 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:38,280 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5784
2020-02-14 15:53:38,280 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:38,280 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:38,280 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:38,280 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:38,280 [root] DEBUG: Loader: Injecting process 5784 (thread 5788) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,280 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:38,280 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,280 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:38,280 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,296 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5784
2020-02-14 15:53:38,312 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5784
2020-02-14 15:53:38,312 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:38,312 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:38,312 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:38,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:38,312 [root] DEBUG: Loader: Injecting process 5784 (thread 5788) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,312 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:38,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,328 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:38,328 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,328 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5784
2020-02-14 15:53:38,328 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:38,328 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:38,328 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:38,328 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:38,328 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:38,328 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:38,328 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:38,328 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:38,358 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_130620800157361714522020
2020-02-14 15:53:38,358 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_130620800157361714522020 (size 0xa000)
2020-02-14 15:53:38,358 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:38,358 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:38,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:38,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:38,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:38,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:38,375 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_172990872057361714522020
2020-02-14 15:53:38,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_172990872057361714522020 (size 0x7000)
2020-02-14 15:53:38,375 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:38,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:38,390 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5976
2020-02-14 15:53:38,421 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:38,421 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:38,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:38,437 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:38,437 [root] DEBUG: Loader: Injecting process 5976 (thread 5980) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,437 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:38,483 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,515 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:38,515 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,530 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5976
2020-02-14 15:53:38,562 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5976
2020-02-14 15:53:38,562 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:38,562 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:38,562 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:38,578 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:38,592 [root] DEBUG: Loader: Injecting process 5976 (thread 5980) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,592 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:38,592 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,592 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:38,592 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,592 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5976
2020-02-14 15:53:38,592 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:38,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:38,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:38,592 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:38,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:38,592 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:38,592 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:38,592 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:38,625 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_167587838458361714522020
2020-02-14 15:53:38,625 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_167587838458361714522020 (size 0xa000)
2020-02-14 15:53:38,625 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:38,625 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:38,625 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:38,625 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:38,625 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:38,625 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:38,640 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_134645872658361714522020
2020-02-14 15:53:38,671 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_134645872658361714522020 (size 0x7000)
2020-02-14 15:53:38,703 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:38,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:38,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4120
2020-02-14 15:53:38,750 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:38,750 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:38,750 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:38,750 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:38,750 [root] DEBUG: Loader: Injecting process 4120 (thread 4140) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,750 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:38,750 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,750 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:38,750 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,750 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4120
2020-02-14 15:53:38,780 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4120
2020-02-14 15:53:38,780 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:38,780 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:38,780 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:38,780 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:38,780 [root] DEBUG: Loader: Injecting process 4120 (thread 4140) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,780 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:38,780 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,780 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:38,780 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,780 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4120
2020-02-14 15:53:38,780 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:38,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:38,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:38,796 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:38,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:38,796 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:38,796 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:38,796 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:38,875 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_178984528059361714522020
2020-02-14 15:53:38,875 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_178984528059361714522020 (size 0xa000)
2020-02-14 15:53:38,875 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:38,875 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:38,875 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:38,875 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:38,875 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:38,875 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:38,890 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_49068823759361714522020
2020-02-14 15:53:38,890 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_49068823759361714522020 (size 0x7000)
2020-02-14 15:53:38,890 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:38,890 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:38,905 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4344
2020-02-14 15:53:38,967 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:38,967 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:38,967 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:38,967 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:38,967 [root] DEBUG: Loader: Injecting process 4344 (thread 4348) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,967 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:38,967 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,967 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:38,967 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:38,967 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4344
2020-02-14 15:53:39,000 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4344
2020-02-14 15:53:39,000 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:39,000 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:39,000 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:39,000 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:39,000 [root] DEBUG: Loader: Injecting process 4344 (thread 4348) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,000 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:39,000 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,000 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:39,000 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,015 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4344
2020-02-14 15:53:39,015 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:39,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:39,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:39,015 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:39,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:39,015 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:39,015 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:39,015 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:39,015 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_42914097259361714522020
2020-02-14 15:53:39,015 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_42914097259361714522020 (size 0xa000)
2020-02-14 15:53:39,015 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:39,030 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:39,030 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:39,030 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:39,030 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:39,030 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:39,453 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_112101975059361714522020
2020-02-14 15:53:39,453 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_112101975059361714522020 (size 0x7000)
2020-02-14 15:53:39,453 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:39,453 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:39,467 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4584
2020-02-14 15:53:39,467 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:39,467 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:39,467 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:39,467 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:39,467 [root] DEBUG: Loader: Injecting process 4584 (thread 4588) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,467 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:39,467 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,467 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:39,467 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,467 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4584
2020-02-14 15:53:39,500 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4584
2020-02-14 15:53:39,500 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:39,500 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:39,500 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:39,500 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:39,500 [root] DEBUG: Loader: Injecting process 4584 (thread 4588) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,500 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:39,500 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,500 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:39,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4584
2020-02-14 15:53:39,515 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:39,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:39,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:39,515 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:39,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:39,515 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:39,515 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:39,515 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:39,655 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_12355749401371714522020
2020-02-14 15:53:39,655 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_12355749401371714522020 (size 0xa000)
2020-02-14 15:53:39,655 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:39,655 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:39,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:39,655 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:39,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:39,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:39,796 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_12219395361371714522020
2020-02-14 15:53:39,796 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_12219395361371714522020 (size 0x7000)
2020-02-14 15:53:39,796 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:39,796 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:39,812 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4764
2020-02-14 15:53:39,905 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:39,905 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:39,905 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:39,905 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:39,905 [root] DEBUG: Loader: Injecting process 4764 (thread 4768) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,905 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:39,921 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,921 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:39,921 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,921 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4764
2020-02-14 15:53:39,953 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4764
2020-02-14 15:53:39,953 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:39,953 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:39,953 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:39,967 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:39,967 [root] DEBUG: Loader: Injecting process 4764 (thread 4768) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,967 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:39,967 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,967 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:39,967 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:39,967 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4764
2020-02-14 15:53:39,967 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:39,967 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:39,967 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:39,983 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:39,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:39,983 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:39,983 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:39,983 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:39,983 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_12599420162371714522020
2020-02-14 15:53:39,983 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_12599420162371714522020 (size 0xa000)
2020-02-14 15:53:40,000 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:40,000 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:40,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:40,000 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:40,000 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:40,015 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_21315011362371714522020
2020-02-14 15:53:40,015 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_21315011362371714522020 (size 0x7000)
2020-02-14 15:53:40,015 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:40,015 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:40,030 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5064
2020-02-14 15:53:40,046 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,046 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,046 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,046 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,046 [root] DEBUG: Loader: Injecting process 5064 (thread 5068) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,046 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,046 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,046 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:40,046 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,062 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5064
2020-02-14 15:53:40,078 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5064
2020-02-14 15:53:40,078 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,078 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,078 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,092 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,092 [root] DEBUG: Loader: Injecting process 5064 (thread 5068) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,092 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,092 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,092 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:40,092 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,092 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5064
2020-02-14 15:53:40,092 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:40,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:40,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:40,092 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:40,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:40,092 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,092 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:40,092 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:40,108 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_16660485723371714522020
2020-02-14 15:53:40,108 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_16660485723371714522020 (size 0xa000)
2020-02-14 15:53:40,108 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:40,108 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,108 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:40,108 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:40,108 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:40,108 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:40,125 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_3471569883371714522020
2020-02-14 15:53:40,125 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_3471569883371714522020 (size 0x7000)
2020-02-14 15:53:40,125 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:40,125 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:40,140 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5288
2020-02-14 15:53:40,140 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,140 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,140 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,140 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,140 [root] DEBUG: Loader: Injecting process 5288 (thread 5264) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,140 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,140 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,140 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:40,140 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,140 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5288
2020-02-14 15:53:40,171 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5288
2020-02-14 15:53:40,171 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,171 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,171 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,171 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,171 [root] DEBUG: Loader: Injecting process 5288 (thread 5264) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,171 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,171 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,171 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:40,171 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,171 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5288
2020-02-14 15:53:40,171 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:40,171 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:40,171 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:40,171 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:40,187 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:40,187 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,187 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:40,187 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:40,187 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_15200046644371714522020
2020-02-14 15:53:40,187 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_15200046644371714522020 (size 0xa000)
2020-02-14 15:53:40,187 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:40,187 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,187 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:40,187 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:40,187 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:40,187 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:40,203 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_16793832444371714522020
2020-02-14 15:53:40,203 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_16793832444371714522020 (size 0x7000)
2020-02-14 15:53:40,203 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:40,203 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:40,217 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5456
2020-02-14 15:53:40,217 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,217 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,217 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,217 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,217 [root] DEBUG: Loader: Injecting process 5456 (thread 5488) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,217 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,217 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,217 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:40,217 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,217 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5456
2020-02-14 15:53:40,233 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5456
2020-02-14 15:53:40,250 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,250 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,250 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,250 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,250 [root] DEBUG: Loader: Injecting process 5456 (thread 5488) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,250 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,250 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,250 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:40,250 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,250 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5456
2020-02-14 15:53:40,250 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:40,250 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:40,265 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:40,265 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:40,265 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:40,265 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,265 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:40,265 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:40,265 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_2176449205371714522020
2020-02-14 15:53:40,265 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_2176449205371714522020 (size 0xa000)
2020-02-14 15:53:40,280 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:40,280 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,280 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:40,280 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:40,280 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:40,280 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:40,280 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_17819004325371714522020
2020-02-14 15:53:40,280 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_17819004325371714522020 (size 0x7000)
2020-02-14 15:53:40,280 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:40,296 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:40,312 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5720
2020-02-14 15:53:40,312 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,312 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,312 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,312 [root] DEBUG: Loader: Injecting process 5720 (thread 5696) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,312 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,312 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,312 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:40,312 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,312 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5720
2020-02-14 15:53:40,342 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5720
2020-02-14 15:53:40,342 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,342 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,342 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,342 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,342 [root] DEBUG: Loader: Injecting process 5720 (thread 5696) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,342 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,342 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,342 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:40,342 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5720
2020-02-14 15:53:40,358 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:40,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:40,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:40,358 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:40,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:40,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:40,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:40,358 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_12996210156371714522020
2020-02-14 15:53:40,358 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_12996210156371714522020 (size 0xa000)
2020-02-14 15:53:40,358 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:40,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:40,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:40,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:40,375 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:40,375 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_11670438146371714522020
2020-02-14 15:53:40,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_11670438146371714522020 (size 0x7000)
2020-02-14 15:53:40,375 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:40,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:40,405 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5932
2020-02-14 15:53:40,405 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,405 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,405 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,405 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,405 [root] DEBUG: Loader: Injecting process 5932 (thread 1348) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,405 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,405 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,405 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:40,421 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,421 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5932
2020-02-14 15:53:40,437 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5932
2020-02-14 15:53:40,437 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,437 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,437 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,437 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,437 [root] DEBUG: Loader: Injecting process 5932 (thread 1348) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,437 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,437 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,437 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:40,437 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,453 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5932
2020-02-14 15:53:40,453 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:40,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:40,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:40,453 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:40,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:40,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:40,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:40,467 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_8311772327371714522020
2020-02-14 15:53:40,467 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_8311772327371714522020 (size 0xa000)
2020-02-14 15:53:40,467 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:40,467 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,467 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:40,467 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:40,467 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:40,467 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:40,467 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_20388746647371714522020
2020-02-14 15:53:40,467 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_20388746647371714522020 (size 0x7000)
2020-02-14 15:53:40,467 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:40,467 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:40,500 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6124
2020-02-14 15:53:40,500 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,500 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,500 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,500 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,500 [root] DEBUG: Loader: Injecting process 6124 (thread 6128) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,500 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,500 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,500 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:40,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6124
2020-02-14 15:53:40,530 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6124
2020-02-14 15:53:40,530 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,530 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,530 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,530 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,530 [root] DEBUG: Loader: Injecting process 6124 (thread 6128) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,530 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,546 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,546 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:40,546 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,546 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6124
2020-02-14 15:53:40,546 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:40,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:40,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:40,546 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:40,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:40,546 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,546 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:40,546 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:40,562 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_6094801888371714522020
2020-02-14 15:53:40,562 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_6094801888371714522020 (size 0xa000)
2020-02-14 15:53:40,562 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:40,562 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:40,562 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:40,562 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:40,562 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:40,562 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_2636761248371714522020
2020-02-14 15:53:40,578 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_2636761248371714522020 (size 0x7000)
2020-02-14 15:53:40,578 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:40,578 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:40,592 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4328
2020-02-14 15:53:40,592 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,592 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,592 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,592 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,592 [root] DEBUG: Loader: Injecting process 4328 (thread 4332) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,592 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,592 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,592 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:40,592 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,592 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4328
2020-02-14 15:53:40,625 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4328
2020-02-14 15:53:40,625 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,625 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,625 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,625 [root] DEBUG: Loader: Injecting process 4328 (thread 4332) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,625 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,640 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:40,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4328
2020-02-14 15:53:40,640 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:40,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:40,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:40,640 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:40,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:40,640 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,640 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:40,640 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:40,655 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_2078329229371714522020
2020-02-14 15:53:40,655 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_2078329229371714522020 (size 0xa000)
2020-02-14 15:53:40,671 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:40,671 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:40,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:40,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:40,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:40,671 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_2726897929371714522020
2020-02-14 15:53:40,671 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_2726897929371714522020 (size 0x7000)
2020-02-14 15:53:40,671 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:40,687 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:40,717 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4544
2020-02-14 15:53:40,717 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,717 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,717 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,717 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,717 [root] DEBUG: Loader: Injecting process 4544 (thread 4548) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,717 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,717 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,733 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:40,733 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,733 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4544
2020-02-14 15:53:40,765 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4544
2020-02-14 15:53:40,765 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:40,765 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:40,765 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:40,765 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:40,765 [root] DEBUG: Loader: Injecting process 4544 (thread 4548) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,780 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:40,780 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,780 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:40,780 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:40,780 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4544
2020-02-14 15:53:40,796 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:40,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:40,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:40,796 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:40,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:40,796 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,796 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:40,796 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:40,812 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_184683592010371714522020
2020-02-14 15:53:40,812 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_184683592010371714522020 (size 0xa000)
2020-02-14 15:53:40,812 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:40,812 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:40,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:40,812 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:40,812 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:40,812 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:41,467 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_183469034810371714522020
2020-02-14 15:53:41,467 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_183469034810371714522020 (size 0x7000)
2020-02-14 15:53:41,467 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:41,467 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:41,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4804
2020-02-14 15:53:41,483 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:41,483 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:41,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:41,483 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:41,483 [root] DEBUG: Loader: Injecting process 4804 (thread 4796) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,483 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:41,483 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,483 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:41,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4804
2020-02-14 15:53:41,515 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4804
2020-02-14 15:53:41,515 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:41,515 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:41,530 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:41,530 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:41,530 [root] DEBUG: Loader: Injecting process 4804 (thread 4796) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,530 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:41,530 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,530 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:41,530 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,530 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4804
2020-02-14 15:53:41,530 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:41,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:41,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:41,546 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:41,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:41,546 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:41,546 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:41,546 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:41,592 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_37559960111371714522020
2020-02-14 15:53:41,592 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_37559960111371714522020 (size 0xa000)
2020-02-14 15:53:41,592 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:41,592 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:41,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:41,592 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:41,592 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:41,592 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:41,608 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_31396617611371714522020
2020-02-14 15:53:41,608 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_31396617611371714522020 (size 0x7000)
2020-02-14 15:53:41,608 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:41,608 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:41,625 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5060
2020-02-14 15:53:41,625 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:41,625 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:41,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:41,625 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:41,625 [root] DEBUG: Loader: Injecting process 5060 (thread 5080) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,625 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:41,625 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,625 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:41,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5060
2020-02-14 15:53:41,655 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5060
2020-02-14 15:53:41,655 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:41,655 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:41,655 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:41,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:41,671 [root] DEBUG: Loader: Injecting process 5060 (thread 5080) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,671 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:41,671 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,671 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:41,671 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5060
2020-02-14 15:53:41,671 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:41,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:41,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:41,687 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:41,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:41,687 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:41,687 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:41,687 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:41,687 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_25435903112371714522020
2020-02-14 15:53:41,687 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_25435903112371714522020 (size 0xa000)
2020-02-14 15:53:41,687 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:41,703 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:41,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:41,703 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:41,703 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:41,703 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:41,703 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_75211961112371714522020
2020-02-14 15:53:41,703 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_75211961112371714522020 (size 0x7000)
2020-02-14 15:53:41,703 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:41,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:41,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5344
2020-02-14 15:53:41,750 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:41,750 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:41,750 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:41,750 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:41,750 [root] DEBUG: Loader: Injecting process 5344 (thread 5348) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,750 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:41,750 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,750 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:41,750 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,750 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5344
2020-02-14 15:53:41,780 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5344
2020-02-14 15:53:41,780 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:41,780 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:41,780 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:41,780 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:41,796 [root] DEBUG: Loader: Injecting process 5344 (thread 5348) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,796 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:41,796 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,796 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:41,796 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,796 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5344
2020-02-14 15:53:41,796 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:41,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:41,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:41,796 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:41,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:41,796 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:41,796 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:41,796 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:41,812 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_197550993913371714522020
2020-02-14 15:53:41,812 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_197550993913371714522020 (size 0xa000)
2020-02-14 15:53:41,812 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:41,812 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:41,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:41,812 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:41,812 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:41,828 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:41,842 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_88468089813371714522020
2020-02-14 15:53:41,842 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_88468089813371714522020 (size 0x7000)
2020-02-14 15:53:41,842 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:41,842 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:41,858 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5576
2020-02-14 15:53:41,858 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:41,858 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:41,858 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:41,858 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:41,858 [root] DEBUG: Loader: Injecting process 5576 (thread 5580) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,858 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:41,858 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,875 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:41,875 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,875 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5576
2020-02-14 15:53:41,890 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5576
2020-02-14 15:53:41,890 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:41,890 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:41,890 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:41,905 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:41,905 [root] DEBUG: Loader: Injecting process 5576 (thread 5580) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,905 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:41,905 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,905 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:41,905 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,905 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5576
2020-02-14 15:53:41,905 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:41,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:41,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:41,905 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:41,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:41,905 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:41,905 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:41,905 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:41,921 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_90881393114371714522020
2020-02-14 15:53:41,921 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_90881393114371714522020 (size 0xa000)
2020-02-14 15:53:41,921 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:41,921 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:41,921 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:41,921 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:41,921 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:41,921 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:41,937 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_145457114014371714522020
2020-02-14 15:53:41,937 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_145457114014371714522020 (size 0x7000)
2020-02-14 15:53:41,937 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:41,937 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:41,953 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5824
2020-02-14 15:53:41,953 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:41,953 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:41,953 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:41,953 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:41,953 [root] DEBUG: Loader: Injecting process 5824 (thread 5828) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,953 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:41,953 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,953 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:41,953 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,967 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5824
2020-02-14 15:53:41,983 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5824
2020-02-14 15:53:41,983 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:41,983 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:41,983 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:41,983 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:41,983 [root] DEBUG: Loader: Injecting process 5824 (thread 5828) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,983 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:41,983 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,983 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:41,983 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:41,983 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5824
2020-02-14 15:53:42,000 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:42,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:42,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:42,000 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:42,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:42,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,000 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:42,000 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:42,015 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_131275045515371714522020
2020-02-14 15:53:42,015 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_131275045515371714522020 (size 0xa000)
2020-02-14 15:53:42,015 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:42,015 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:42,015 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:42,015 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:42,015 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:42,030 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_182422348815371714522020
2020-02-14 15:53:42,030 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_182422348815371714522020 (size 0x7000)
2020-02-14 15:53:42,030 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:42,046 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:42,062 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6052
2020-02-14 15:53:42,062 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,062 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,062 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,062 [root] DEBUG: Loader: Injecting process 6052 (thread 6044) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,062 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,078 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,078 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:42,078 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,078 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6052
2020-02-14 15:53:42,092 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6052
2020-02-14 15:53:42,092 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,092 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,092 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,092 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,092 [root] DEBUG: Loader: Injecting process 6052 (thread 6044) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,092 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,092 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,092 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:42,092 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,092 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6052
2020-02-14 15:53:42,108 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:42,108 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:42,108 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:42,108 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:42,108 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:42,108 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,108 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:42,108 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:42,125 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_102994680416371714522020
2020-02-14 15:53:42,125 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_102994680416371714522020 (size 0xa000)
2020-02-14 15:53:42,125 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:42,125 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,125 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:42,125 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:42,125 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:42,125 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:42,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_36879993816371714522020
2020-02-14 15:53:42,155 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_36879993816371714522020 (size 0x7000)
2020-02-14 15:53:42,155 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:42,155 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:42,171 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4228
2020-02-14 15:53:42,171 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,171 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,171 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,171 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,171 [root] DEBUG: Loader: Injecting process 4228 (thread 4216) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,171 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,171 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,171 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:42,171 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,187 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4228
2020-02-14 15:53:42,203 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4228
2020-02-14 15:53:42,203 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,203 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,203 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,203 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,203 [root] DEBUG: Loader: Injecting process 4228 (thread 4216) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,203 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,203 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,203 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:42,203 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,203 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4228
2020-02-14 15:53:42,217 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:42,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:42,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:42,217 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:42,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:42,217 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,217 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:42,217 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:42,217 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_188063838016371714522020
2020-02-14 15:53:42,233 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_188063838016371714522020 (size 0xa000)
2020-02-14 15:53:42,233 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:42,233 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,233 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:42,233 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:42,233 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:42,233 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:42,233 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_41299708216371714522020
2020-02-14 15:53:42,233 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_41299708216371714522020 (size 0x7000)
2020-02-14 15:53:42,233 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:42,233 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:42,265 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4492
2020-02-14 15:53:42,265 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,265 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,265 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,265 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,265 [root] DEBUG: Loader: Injecting process 4492 (thread 4516) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,265 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,265 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,265 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:42,265 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,265 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4492
2020-02-14 15:53:42,296 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4492
2020-02-14 15:53:42,296 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,296 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,296 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,296 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,296 [root] DEBUG: Loader: Injecting process 4492 (thread 4516) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,296 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,296 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,296 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:42,296 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,296 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4492
2020-02-14 15:53:42,312 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:42,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:42,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:42,312 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:42,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:42,312 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,312 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:42,312 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:42,328 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_37338457617371714522020
2020-02-14 15:53:42,328 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_37338457617371714522020 (size 0xa000)
2020-02-14 15:53:42,328 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:42,328 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,328 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:42,328 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:42,328 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:42,328 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:42,342 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_89543923217371714522020
2020-02-14 15:53:42,342 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_89543923217371714522020 (size 0x7000)
2020-02-14 15:53:42,342 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:42,342 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:42,358 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4772
2020-02-14 15:53:42,358 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,358 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,358 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,358 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,358 [root] DEBUG: Loader: Injecting process 4772 (thread 2148) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,358 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,358 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,358 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:42,358 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,358 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4772
2020-02-14 15:53:42,390 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4772
2020-02-14 15:53:42,390 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,390 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,390 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,390 [root] DEBUG: Loader: Injecting process 4772 (thread 2148) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,390 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,390 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,390 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:42,390 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,390 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4772
2020-02-14 15:53:42,405 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:42,405 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:42,405 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:42,405 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:42,405 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:42,405 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,405 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:42,405 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:42,421 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_112668990518371714522020
2020-02-14 15:53:42,421 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_112668990518371714522020 (size 0xa000)
2020-02-14 15:53:42,421 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:42,421 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,421 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:42,421 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:42,421 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:42,421 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:42,421 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_67778965818371714522020
2020-02-14 15:53:42,421 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_67778965818371714522020 (size 0x7000)
2020-02-14 15:53:42,437 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:42,437 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:42,453 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5036
2020-02-14 15:53:42,453 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,453 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,453 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,453 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,453 [root] DEBUG: Loader: Injecting process 5036 (thread 4404) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,453 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,453 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,453 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:42,453 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,453 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5036
2020-02-14 15:53:42,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5036
2020-02-14 15:53:42,483 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,483 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,483 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,483 [root] DEBUG: Loader: Injecting process 5036 (thread 4404) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,483 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,483 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,500 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:42,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5036
2020-02-14 15:53:42,500 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:42,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:42,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:42,500 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:42,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:42,500 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,500 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:42,500 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:42,515 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_49861720719371714522020
2020-02-14 15:53:42,515 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_49861720719371714522020 (size 0xa000)
2020-02-14 15:53:42,515 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:42,515 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:42,515 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:42,515 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:42,515 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:42,592 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_50218089219371714522020
2020-02-14 15:53:42,592 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_50218089219371714522020 (size 0x7000)
2020-02-14 15:53:42,592 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:42,592 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:42,608 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5200
2020-02-14 15:53:42,608 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,608 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,608 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,608 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,608 [root] DEBUG: Loader: Injecting process 5200 (thread 5208) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,608 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,608 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,608 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:42,608 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,608 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5200
2020-02-14 15:53:42,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5200
2020-02-14 15:53:42,640 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,640 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,640 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,640 [root] DEBUG: Loader: Injecting process 5200 (thread 5208) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,640 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:42,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5200
2020-02-14 15:53:42,655 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:42,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:42,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:42,655 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:42,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:42,655 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,655 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:42,655 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:42,655 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_10811859720371714522020
2020-02-14 15:53:42,671 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_10811859720371714522020 (size 0xa000)
2020-02-14 15:53:42,671 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:42,671 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:42,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:42,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:42,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:42,671 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_203365143820371714522020
2020-02-14 15:53:42,687 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_203365143820371714522020 (size 0x7000)
2020-02-14 15:53:42,687 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:42,687 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:42,703 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5544
2020-02-14 15:53:42,703 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,703 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,703 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,703 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,703 [root] DEBUG: Loader: Injecting process 5544 (thread 5520) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,703 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,703 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,703 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:42,703 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,703 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5544
2020-02-14 15:53:42,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5544
2020-02-14 15:53:42,750 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,750 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,750 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,750 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,765 [root] DEBUG: Loader: Injecting process 5544 (thread 5520) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,765 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,765 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,765 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:42,765 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,765 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5544
2020-02-14 15:53:42,765 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:42,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:42,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:42,765 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:42,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:42,765 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,765 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:42,765 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:42,828 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_176398484721371714522020
2020-02-14 15:53:42,828 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_176398484721371714522020 (size 0xa000)
2020-02-14 15:53:42,828 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:42,828 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:42,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:42,828 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:42,828 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:42,828 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:42,858 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_172616811221371714522020
2020-02-14 15:53:42,858 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_172616811221371714522020 (size 0x7000)
2020-02-14 15:53:42,858 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:42,875 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:42,890 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5776
2020-02-14 15:53:42,890 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:42,890 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:42,890 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:42,890 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:42,890 [root] DEBUG: Loader: Injecting process 5776 (thread 5780) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,890 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:42,890 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,890 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:42,890 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:42,890 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5776
2020-02-14 15:53:43,000 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5776
2020-02-14 15:53:43,000 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:43,000 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:43,015 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:43,015 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:43,015 [root] DEBUG: Loader: Injecting process 5776 (thread 5780) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,015 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:43,015 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,015 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:43,015 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,015 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5776
2020-02-14 15:53:43,015 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:43,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:43,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:43,015 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:43,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:43,015 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:43,015 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:43,015 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:43,030 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_121004036222371714522020
2020-02-14 15:53:43,030 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_121004036222371714522020 (size 0xa000)
2020-02-14 15:53:43,030 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:43,030 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:43,030 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:43,030 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:43,030 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:43,030 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:43,421 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_77040137222371714522020
2020-02-14 15:53:43,421 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_77040137222371714522020 (size 0x7000)
2020-02-14 15:53:43,421 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:43,421 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:43,437 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6000
2020-02-14 15:53:43,437 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:43,437 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:43,437 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:43,437 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:43,437 [root] DEBUG: Loader: Injecting process 6000 (thread 5992) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,437 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:43,437 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,437 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:43,437 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,437 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6000
2020-02-14 15:53:43,500 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6000
2020-02-14 15:53:43,500 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:43,500 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:43,500 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:43,500 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:43,500 [root] DEBUG: Loader: Injecting process 6000 (thread 5992) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,500 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:43,500 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,500 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:43,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6000
2020-02-14 15:53:43,500 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:43,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:43,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:43,515 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:43,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:43,515 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:43,515 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:43,515 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:43,655 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_174188678423371714522020
2020-02-14 15:53:43,655 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_174188678423371714522020 (size 0xa000)
2020-02-14 15:53:43,655 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:43,671 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:43,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:43,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:43,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:43,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:43,671 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_51501343223371714522020
2020-02-14 15:53:43,671 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_51501343223371714522020 (size 0x7000)
2020-02-14 15:53:43,671 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:43,671 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:43,687 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4268
2020-02-14 15:53:43,687 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:43,687 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:43,687 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:43,687 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:43,687 [root] DEBUG: Loader: Injecting process 4268 (thread 4272) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,687 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:43,687 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,687 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:43,687 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,687 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4268
2020-02-14 15:53:43,703 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4268
2020-02-14 15:53:43,703 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:43,703 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:43,703 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:43,717 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:43,717 [root] DEBUG: Loader: Injecting process 4268 (thread 4272) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,717 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:43,717 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,717 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:43,717 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,717 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4268
2020-02-14 15:53:43,717 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:43,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:43,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:43,717 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:43,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:43,717 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:43,717 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:43,717 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:43,733 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_170265820024371714522020
2020-02-14 15:53:43,733 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_170265820024371714522020 (size 0xa000)
2020-02-14 15:53:43,733 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:43,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:43,733 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:43,733 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:43,765 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:43,765 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:43,780 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_162590435724371714522020
2020-02-14 15:53:43,780 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_162590435724371714522020 (size 0x7000)
2020-02-14 15:53:43,780 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:43,780 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:43,796 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4576
2020-02-14 15:53:43,796 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:43,796 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:43,796 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:43,796 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:43,796 [root] DEBUG: Loader: Injecting process 4576 (thread 4524) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,796 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:43,796 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,796 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:43,796 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,796 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4576
2020-02-14 15:53:43,812 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4576
2020-02-14 15:53:43,812 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:43,812 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:43,828 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:43,828 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:43,828 [root] DEBUG: Loader: Injecting process 4576 (thread 4524) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,828 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:43,828 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,828 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:43,828 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,828 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4576
2020-02-14 15:53:43,828 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:43,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:43,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:43,828 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:43,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:43,828 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:43,828 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:43,828 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:43,842 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_196456220825371714522020
2020-02-14 15:53:43,842 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_196456220825371714522020 (size 0xa000)
2020-02-14 15:53:43,842 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:43,842 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:43,842 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:43,842 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:43,842 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:43,842 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:43,858 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_10210690025371714522020
2020-02-14 15:53:43,858 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_10210690025371714522020 (size 0x7000)
2020-02-14 15:53:43,858 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:43,858 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:43,875 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5012
2020-02-14 15:53:43,921 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:43,921 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:43,921 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:43,921 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:43,921 [root] DEBUG: Loader: Injecting process 5012 (thread 4860) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,921 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:43,921 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,921 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:43,921 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,921 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5012
2020-02-14 15:53:43,953 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5012
2020-02-14 15:53:43,953 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:43,953 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:43,953 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:43,953 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:43,953 [root] DEBUG: Loader: Injecting process 5012 (thread 4860) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,953 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:43,953 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,953 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:43,953 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:43,953 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5012
2020-02-14 15:53:43,953 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:43,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:43,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:43,953 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:43,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:43,953 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:43,953 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:43,967 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:44,000 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_118652848026371714522020
2020-02-14 15:53:44,000 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_118652848026371714522020 (size 0xa000)
2020-02-14 15:53:44,000 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:44,000 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:44,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:44,000 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:44,000 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:44,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_16088140826371714522020
2020-02-14 15:53:44,140 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_16088140826371714522020 (size 0x7000)
2020-02-14 15:53:44,140 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:44,140 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:44,155 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5052
2020-02-14 15:53:44,155 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,155 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,155 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,155 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,155 [root] DEBUG: Loader: Injecting process 5052 (thread 5176) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,155 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,155 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,155 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:44,155 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,155 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5052
2020-02-14 15:53:44,187 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5052
2020-02-14 15:53:44,187 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,187 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,187 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,187 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,187 [root] DEBUG: Loader: Injecting process 5052 (thread 5176) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,187 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,187 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,187 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:44,187 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,203 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5052
2020-02-14 15:53:44,203 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:44,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:44,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:44,203 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:44,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:44,203 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,203 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:44,203 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:44,217 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_20676439327371714522020
2020-02-14 15:53:44,217 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_20676439327371714522020 (size 0xa000)
2020-02-14 15:53:44,217 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:44,217 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:44,217 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:44,217 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:44,217 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:44,217 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_174786712427371714522020
2020-02-14 15:53:44,233 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_174786712427371714522020 (size 0x7000)
2020-02-14 15:53:44,233 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:44,233 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:44,250 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5296
2020-02-14 15:53:44,250 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,250 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,250 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,250 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,250 [root] DEBUG: Loader: Injecting process 5296 (thread 5260) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,250 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,250 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,250 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:44,250 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,250 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5296
2020-02-14 15:53:44,280 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5296
2020-02-14 15:53:44,280 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,280 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,280 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,280 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,280 [root] DEBUG: Loader: Injecting process 5296 (thread 5260) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,280 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,280 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,280 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:44,280 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,280 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5296
2020-02-14 15:53:44,280 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:44,280 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:44,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:44,296 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:44,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:44,296 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,296 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:44,296 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:44,296 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_183388190828371714522020
2020-02-14 15:53:44,312 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_183388190828371714522020 (size 0xa000)
2020-02-14 15:53:44,312 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:44,312 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:44,312 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:44,312 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:44,312 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:44,312 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_17068281328371714522020
2020-02-14 15:53:44,312 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_17068281328371714522020 (size 0x7000)
2020-02-14 15:53:44,312 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:44,312 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:44,328 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5652
2020-02-14 15:53:44,328 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,328 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,328 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,328 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,328 [root] DEBUG: Loader: Injecting process 5652 (thread 5656) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,328 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,328 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:44,328 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,328 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5652
2020-02-14 15:53:44,358 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5652
2020-02-14 15:53:44,358 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,358 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,358 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,358 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,358 [root] DEBUG: Loader: Injecting process 5652 (thread 5656) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,375 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,375 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,375 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:44,375 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,375 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5652
2020-02-14 15:53:44,375 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:44,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:44,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:44,375 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:44,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:44,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:44,375 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:44,390 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_150916922329371714522020
2020-02-14 15:53:44,390 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_150916922329371714522020 (size 0xa000)
2020-02-14 15:53:44,390 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:44,390 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,390 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:44,390 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:44,390 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:44,390 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:44,405 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_158161596829371714522020
2020-02-14 15:53:44,405 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_158161596829371714522020 (size 0x7000)
2020-02-14 15:53:44,405 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:44,405 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:44,421 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5800
2020-02-14 15:53:44,421 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,421 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,421 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,421 [root] DEBUG: Loader: Injecting process 5800 (thread 5844) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,421 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,421 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,421 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:44,421 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,421 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5800
2020-02-14 15:53:44,453 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5800
2020-02-14 15:53:44,453 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,453 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,453 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,453 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,453 [root] DEBUG: Loader: Injecting process 5800 (thread 5844) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,453 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,453 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,453 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:44,453 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,453 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5800
2020-02-14 15:53:44,467 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:44,467 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:44,467 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:44,467 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:44,467 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:44,467 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,467 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:44,467 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:44,483 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_214010242730371714522020
2020-02-14 15:53:44,483 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_214010242730371714522020 (size 0xa000)
2020-02-14 15:53:44,483 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:44,483 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,483 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:44,483 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:44,483 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:44,483 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:44,500 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_87014099230371714522020
2020-02-14 15:53:44,500 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_87014099230371714522020 (size 0x7000)
2020-02-14 15:53:44,500 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:44,500 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:44,515 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4100
2020-02-14 15:53:44,515 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,515 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,515 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,515 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,515 [root] DEBUG: Loader: Injecting process 4100 (thread 4104) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,515 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,515 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,515 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:44,515 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,515 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4100
2020-02-14 15:53:44,530 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4100
2020-02-14 15:53:44,530 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,530 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,530 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,546 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,546 [root] DEBUG: Loader: Injecting process 4100 (thread 4104) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,546 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,546 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,546 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:44,546 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,546 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4100
2020-02-14 15:53:44,546 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:44,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:44,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:44,546 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:44,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:44,546 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,546 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:44,546 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:44,562 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_51619076030371714522020
2020-02-14 15:53:44,562 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_51619076030371714522020 (size 0xa000)
2020-02-14 15:53:44,562 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:44,562 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,562 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:44,562 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:44,562 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:44,562 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:44,578 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_16766001131371714522020
2020-02-14 15:53:44,578 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_16766001131371714522020 (size 0x7000)
2020-02-14 15:53:44,578 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:44,578 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:44,592 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4388
2020-02-14 15:53:44,592 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,592 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,592 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,592 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,592 [root] DEBUG: Loader: Injecting process 4388 (thread 4472) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,592 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,592 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,592 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:44,592 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,592 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4388
2020-02-14 15:53:44,625 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4388
2020-02-14 15:53:44,625 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,625 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,625 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,625 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,625 [root] DEBUG: Loader: Injecting process 4388 (thread 4472) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,625 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,625 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,625 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:44,625 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,625 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4388
2020-02-14 15:53:44,625 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:44,625 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:44,625 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:44,640 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:44,640 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:44,640 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,640 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:44,640 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:44,640 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_37287737631371714522020
2020-02-14 15:53:44,655 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_37287737631371714522020 (size 0xa000)
2020-02-14 15:53:44,655 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:44,655 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:44,655 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:44,655 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:44,655 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:44,655 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_149034918431371714522020
2020-02-14 15:53:44,655 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_149034918431371714522020 (size 0x7000)
2020-02-14 15:53:44,655 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:44,655 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:44,671 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4724
2020-02-14 15:53:44,671 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,671 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,671 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,671 [root] DEBUG: Loader: Injecting process 4724 (thread 2284) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,671 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,671 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,671 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:44,671 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4724
2020-02-14 15:53:44,687 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4724
2020-02-14 15:53:44,687 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,687 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,687 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,703 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,703 [root] DEBUG: Loader: Injecting process 4724 (thread 2284) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,703 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,703 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,703 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:44,703 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,703 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4724
2020-02-14 15:53:44,703 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:44,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:44,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:44,703 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:44,703 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:44,717 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,717 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:44,717 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:44,717 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_52859013632371714522020
2020-02-14 15:53:44,717 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_52859013632371714522020 (size 0xa000)
2020-02-14 15:53:44,717 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:44,717 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:44,717 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:44,733 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:44,733 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:44,733 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_149307478832371714522020
2020-02-14 15:53:44,733 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_149307478832371714522020 (size 0x7000)
2020-02-14 15:53:44,733 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:44,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:44,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5016
2020-02-14 15:53:44,750 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,750 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,750 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,750 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,750 [root] DEBUG: Loader: Injecting process 5016 (thread 5020) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,750 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,750 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,750 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:44,750 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,750 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5016
2020-02-14 15:53:44,796 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5016
2020-02-14 15:53:44,796 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,796 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,796 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,812 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,812 [root] DEBUG: Loader: Injecting process 5016 (thread 5020) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,812 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,812 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,812 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:44,812 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,812 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5016
2020-02-14 15:53:44,812 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:44,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:44,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:44,812 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:44,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:44,812 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,812 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:44,812 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:44,828 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_177075416133371714522020
2020-02-14 15:53:44,828 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_177075416133371714522020 (size 0xa000)
2020-02-14 15:53:44,828 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:44,828 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,828 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:44,828 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:44,828 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:44,828 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:44,890 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_75338298433371714522020
2020-02-14 15:53:44,890 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_75338298433371714522020 (size 0x7000)
2020-02-14 15:53:44,890 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:44,890 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:44,905 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5392
2020-02-14 15:53:44,905 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,905 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,905 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,905 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,905 [root] DEBUG: Loader: Injecting process 5392 (thread 5396) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,905 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,905 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,905 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:44,905 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,905 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5392
2020-02-14 15:53:44,921 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5392
2020-02-14 15:53:44,921 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,921 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,921 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,937 [root] DEBUG: Loader: Injecting process 5392 (thread 5396) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,937 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,937 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,937 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:44,937 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,937 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5392
2020-02-14 15:53:44,937 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:44,937 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:44,937 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:44,937 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:44,937 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:44,937 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,953 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:44,953 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:44,953 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_194862444034371714522020
2020-02-14 15:53:44,953 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_194862444034371714522020 (size 0xa000)
2020-02-14 15:53:44,953 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:44,953 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:44,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:44,953 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:44,953 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:44,953 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:44,967 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_63877268834371714522020
2020-02-14 15:53:44,967 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_63877268834371714522020 (size 0x7000)
2020-02-14 15:53:44,967 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:44,967 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:44,983 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5672
2020-02-14 15:53:44,983 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:44,983 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:44,983 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:44,983 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:44,983 [root] DEBUG: Loader: Injecting process 5672 (thread 5704) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,983 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:44,983 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,983 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:44,983 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:44,983 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5672
2020-02-14 15:53:45,015 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5672
2020-02-14 15:53:45,015 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,015 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,015 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,015 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,015 [root] DEBUG: Loader: Injecting process 5672 (thread 5704) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,015 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,015 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,015 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:45,015 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,015 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5672
2020-02-14 15:53:45,015 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:45,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:45,030 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:45,030 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:45,030 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:45,030 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,030 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:45,030 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:45,046 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_105884410035371714522020
2020-02-14 15:53:45,046 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_105884410035371714522020 (size 0xa000)
2020-02-14 15:53:45,046 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:45,046 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,046 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:45,046 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:45,046 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:45,046 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:45,062 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_106576859835371714522020
2020-02-14 15:53:45,062 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_106576859835371714522020 (size 0x7000)
2020-02-14 15:53:45,062 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:45,062 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:45,078 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5948
2020-02-14 15:53:45,078 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,078 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,078 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,078 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,078 [root] DEBUG: Loader: Injecting process 5948 (thread 5952) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,078 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,078 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,078 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:45,078 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,078 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5948
2020-02-14 15:53:45,092 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5948
2020-02-14 15:53:45,092 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,092 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,092 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,108 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,108 [root] DEBUG: Loader: Injecting process 5948 (thread 5952) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,108 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,108 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,108 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:45,108 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,108 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5948
2020-02-14 15:53:45,108 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:45,108 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:45,108 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:45,108 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:45,108 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:45,108 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,108 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:45,125 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:45,125 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_186531112036371714522020
2020-02-14 15:53:45,125 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_186531112036371714522020 (size 0xa000)
2020-02-14 15:53:45,125 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:45,125 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,125 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:45,125 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:45,125 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:45,125 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:45,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_159211606436371714522020
2020-02-14 15:53:45,140 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_159211606436371714522020 (size 0x7000)
2020-02-14 15:53:45,140 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:45,140 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:45,155 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4128
2020-02-14 15:53:45,155 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,155 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,155 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,155 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,155 [root] DEBUG: Loader: Injecting process 4128 (thread 4200) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,155 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,155 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,155 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:45,155 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,155 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4128
2020-02-14 15:53:45,187 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4128
2020-02-14 15:53:45,187 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,187 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,187 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,187 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,187 [root] DEBUG: Loader: Injecting process 4128 (thread 4200) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,187 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,187 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,187 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:45,187 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,187 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4128
2020-02-14 15:53:45,187 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:45,187 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:45,187 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:45,187 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:45,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:45,203 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,203 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:45,203 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:45,203 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_184248042436371714522020
2020-02-14 15:53:45,203 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_184248042436371714522020 (size 0xa000)
2020-02-14 15:53:45,203 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:45,203 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,203 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:45,217 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:45,217 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:45,217 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:45,233 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_54426613536371714522020
2020-02-14 15:53:45,233 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_54426613536371714522020 (size 0x7000)
2020-02-14 15:53:45,233 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:45,233 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:45,265 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4636
2020-02-14 15:53:45,265 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,265 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,265 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,265 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,265 [root] DEBUG: Loader: Injecting process 4636 (thread 4640) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,265 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,265 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,265 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:45,265 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,265 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4636
2020-02-14 15:53:45,296 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4636
2020-02-14 15:53:45,296 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,296 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,296 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,312 [root] DEBUG: Loader: Injecting process 4636 (thread 4640) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,312 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,312 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,312 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:45,312 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,312 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4636
2020-02-14 15:53:45,312 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:45,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:45,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:45,312 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:45,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:45,312 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,312 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:45,312 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:45,328 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_78033142837371714522020
2020-02-14 15:53:45,328 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_78033142837371714522020 (size 0xa000)
2020-02-14 15:53:45,328 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:45,328 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,328 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:45,328 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:45,328 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:45,342 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:45,342 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_186035126037371714522020
2020-02-14 15:53:45,342 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_186035126037371714522020 (size 0x7000)
2020-02-14 15:53:45,342 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:45,342 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:45,358 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4812
2020-02-14 15:53:45,375 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,375 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,375 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,375 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,375 [root] DEBUG: Loader: Injecting process 4812 (thread 4148) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,375 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,375 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,375 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:45,375 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,390 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4812
2020-02-14 15:53:45,405 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4812
2020-02-14 15:53:45,405 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,405 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,405 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,405 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,405 [root] DEBUG: Loader: Injecting process 4812 (thread 4148) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,405 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,405 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,405 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:45,405 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,405 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4812
2020-02-14 15:53:45,405 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:45,421 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:45,421 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:45,421 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:45,421 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:45,421 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,421 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:45,421 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:45,421 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_57127359338371714522020
2020-02-14 15:53:45,421 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_57127359338371714522020 (size 0xa000)
2020-02-14 15:53:45,421 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:45,421 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,421 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:45,421 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:45,437 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:45,437 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:45,437 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_89427386238371714522020
2020-02-14 15:53:45,437 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_89427386238371714522020 (size 0x7000)
2020-02-14 15:53:45,437 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:45,437 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:45,453 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5184
2020-02-14 15:53:45,453 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,453 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,453 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,453 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,453 [root] DEBUG: Loader: Injecting process 5184 (thread 5164) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,453 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,453 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,453 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:45,453 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,467 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5184
2020-02-14 15:53:45,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5184
2020-02-14 15:53:45,483 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,483 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,500 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,500 [root] DEBUG: Loader: Injecting process 5184 (thread 5164) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,500 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,500 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,500 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:45,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5184
2020-02-14 15:53:45,500 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:45,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:45,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:45,500 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:45,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:45,500 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,500 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:45,500 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:45,515 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_113050137839371714522020
2020-02-14 15:53:45,515 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_113050137839371714522020 (size 0xa000)
2020-02-14 15:53:45,515 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:45,515 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:45,515 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:45,515 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:45,515 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:45,530 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_116952465639371714522020
2020-02-14 15:53:45,530 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_116952465639371714522020 (size 0x7000)
2020-02-14 15:53:45,530 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:45,530 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:45,546 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5584
2020-02-14 15:53:45,546 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,546 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,546 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,546 [root] DEBUG: Loader: Injecting process 5584 (thread 5560) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,546 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,546 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,546 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:45,546 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,546 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5584
2020-02-14 15:53:45,578 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5584
2020-02-14 15:53:45,578 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,578 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,578 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,578 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,578 [root] DEBUG: Loader: Injecting process 5584 (thread 5560) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,578 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,578 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,578 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:45,578 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,578 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5584
2020-02-14 15:53:45,578 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:45,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:45,578 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:45,592 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:45,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:45,592 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,592 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:45,592 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:45,592 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_171418407240371714522020
2020-02-14 15:53:45,592 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_171418407240371714522020 (size 0xa000)
2020-02-14 15:53:45,608 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:45,608 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,608 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:45,608 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:45,608 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:45,608 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:45,608 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_33180508240371714522020
2020-02-14 15:53:45,608 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_33180508240371714522020 (size 0x7000)
2020-02-14 15:53:45,608 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:45,608 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:45,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5384
2020-02-14 15:53:45,640 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,640 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,640 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,640 [root] DEBUG: Loader: Injecting process 5384 (thread 5868) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,640 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:45,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5384
2020-02-14 15:53:45,655 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5384
2020-02-14 15:53:45,655 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,655 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,655 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,671 [root] DEBUG: Loader: Injecting process 5384 (thread 5868) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,671 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,671 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,671 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:45,671 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5384
2020-02-14 15:53:45,671 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:45,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:45,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:45,671 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:45,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:45,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:45,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:45,687 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_48057430441371714522020
2020-02-14 15:53:45,687 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_48057430441371714522020 (size 0xa000)
2020-02-14 15:53:45,687 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:45,687 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:45,687 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:45,687 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:45,687 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:45,703 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_84714540041371714522020
2020-02-14 15:53:45,703 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_84714540041371714522020 (size 0x7000)
2020-02-14 15:53:45,703 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:45,703 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:45,717 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6120
2020-02-14 15:53:45,717 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,717 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,717 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,717 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,717 [root] DEBUG: Loader: Injecting process 6120 (thread 4108) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,717 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,717 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,717 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:45,717 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,717 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6120
2020-02-14 15:53:45,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6120
2020-02-14 15:53:45,750 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,750 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,750 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,750 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,750 [root] DEBUG: Loader: Injecting process 6120 (thread 4108) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,750 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,750 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,750 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:45,750 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,750 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6120
2020-02-14 15:53:45,765 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:45,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:45,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:45,765 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:45,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:45,765 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,765 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:45,765 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:45,780 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_171772729842371714522020
2020-02-14 15:53:45,780 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_171772729842371714522020 (size 0xa000)
2020-02-14 15:53:45,780 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:45,780 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,780 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:45,780 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:45,780 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:45,780 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:45,780 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_156068114942371714522020
2020-02-14 15:53:45,796 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_156068114942371714522020 (size 0x7000)
2020-02-14 15:53:45,812 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:45,812 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:45,828 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4476
2020-02-14 15:53:45,828 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,828 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,828 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,828 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,828 [root] DEBUG: Loader: Injecting process 4476 (thread 4452) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,828 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,828 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,828 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:45,828 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,828 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4476
2020-02-14 15:53:45,842 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4476
2020-02-14 15:53:45,842 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,842 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,858 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,858 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,858 [root] DEBUG: Loader: Injecting process 4476 (thread 4452) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,858 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,858 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,858 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:45,858 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,858 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4476
2020-02-14 15:53:45,858 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:45,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:45,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:45,858 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:45,858 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:45,858 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,858 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:45,875 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:45,875 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_187330935843371714522020
2020-02-14 15:53:45,875 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_187330935843371714522020 (size 0xa000)
2020-02-14 15:53:45,875 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:45,875 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,875 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:45,890 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:45,890 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:45,890 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:45,890 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_125964851243371714522020
2020-02-14 15:53:45,890 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_125964851243371714522020 (size 0x7000)
2020-02-14 15:53:45,890 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:45,890 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:45,905 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4808
2020-02-14 15:53:45,905 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,905 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,905 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,905 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,905 [root] DEBUG: Loader: Injecting process 4808 (thread 4840) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,905 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,905 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,905 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:45,905 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,905 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4808
2020-02-14 15:53:45,937 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4808
2020-02-14 15:53:45,937 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:45,937 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:45,937 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:45,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:45,937 [root] DEBUG: Loader: Injecting process 4808 (thread 4840) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,937 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:45,937 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,937 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:45,937 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:45,937 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4808
2020-02-14 15:53:45,953 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:45,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:45,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:45,953 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:45,953 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:45,953 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,953 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:45,953 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:45,953 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_57433594443371714522020
2020-02-14 15:53:45,953 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_57433594443371714522020 (size 0xa000)
2020-02-14 15:53:45,953 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:45,967 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:45,967 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:45,967 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:45,967 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:45,967 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:45,983 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_73571389444371714522020
2020-02-14 15:53:45,983 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_73571389444371714522020 (size 0x7000)
2020-02-14 15:53:45,983 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:45,983 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:46,000 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5212
2020-02-14 15:53:46,000 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,000 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,000 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,000 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,000 [root] DEBUG: Loader: Injecting process 5212 (thread 5300) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,000 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,000 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,000 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:46,000 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,000 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5212
2020-02-14 15:53:46,030 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5212
2020-02-14 15:53:46,030 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,030 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,030 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,030 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,030 [root] DEBUG: Loader: Injecting process 5212 (thread 5300) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,030 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,030 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,030 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:46,030 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,030 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5212
2020-02-14 15:53:46,030 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:46,030 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:46,030 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:46,046 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:46,046 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:46,046 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,046 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:46,046 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:46,046 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_11093400644371714522020
2020-02-14 15:53:46,046 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_11093400644371714522020 (size 0xa000)
2020-02-14 15:53:46,046 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:46,062 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,062 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:46,062 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:46,062 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:46,062 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:46,062 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_145586944644371714522020
2020-02-14 15:53:46,062 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_145586944644371714522020 (size 0x7000)
2020-02-14 15:53:46,062 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:46,062 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:46,092 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5536
2020-02-14 15:53:46,092 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,092 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,092 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,092 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,092 [root] DEBUG: Loader: Injecting process 5536 (thread 5608) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,092 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,092 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,092 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:46,092 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,092 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5536
2020-02-14 15:53:46,125 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5536
2020-02-14 15:53:46,125 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,125 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,125 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,125 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,125 [root] DEBUG: Loader: Injecting process 5536 (thread 5608) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,125 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,125 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,125 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:46,125 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,125 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5536
2020-02-14 15:53:46,125 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:46,140 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:46,140 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:46,140 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:46,140 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:46,140 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,140 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:46,140 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:46,187 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_70249826145371714522020
2020-02-14 15:53:46,187 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_70249826145371714522020 (size 0xa000)
2020-02-14 15:53:46,187 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:46,187 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,187 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:46,187 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:46,187 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:46,187 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:46,203 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_135064240445371714522020
2020-02-14 15:53:46,203 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_135064240445371714522020 (size 0x7000)
2020-02-14 15:53:46,203 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:46,203 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:46,217 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5904
2020-02-14 15:53:46,217 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,217 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,217 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,217 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,217 [root] DEBUG: Loader: Injecting process 5904 (thread 5840) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,217 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,217 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,217 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:46,217 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,217 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5904
2020-02-14 15:53:46,250 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5904
2020-02-14 15:53:46,250 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,250 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,250 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,250 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,250 [root] DEBUG: Loader: Injecting process 5904 (thread 5840) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,265 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,265 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,265 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:46,265 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,265 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5904
2020-02-14 15:53:46,265 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:46,265 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:46,265 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:46,265 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:46,265 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:46,265 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,265 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:46,265 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:46,280 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_199148755446371714522020
2020-02-14 15:53:46,280 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_199148755446371714522020 (size 0xa000)
2020-02-14 15:53:46,280 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:46,280 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,280 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:46,280 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:46,280 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:46,280 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:46,296 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_33081366246371714522020
2020-02-14 15:53:46,296 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_33081366246371714522020 (size 0x7000)
2020-02-14 15:53:46,296 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:46,296 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:46,312 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4188
2020-02-14 15:53:46,312 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,312 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,312 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,312 [root] DEBUG: Loader: Injecting process 4188 (thread 4320) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,312 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,312 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,312 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:46,312 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,328 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4188
2020-02-14 15:53:46,342 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4188
2020-02-14 15:53:46,342 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,342 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,342 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,342 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,342 [root] DEBUG: Loader: Injecting process 4188 (thread 4320) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,342 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,342 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,342 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:46,342 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,342 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4188
2020-02-14 15:53:46,358 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:46,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:46,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:46,358 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:46,358 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:46,358 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,358 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:46,358 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:46,358 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_76764694847371714522020
2020-02-14 15:53:46,358 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_76764694847371714522020 (size 0xa000)
2020-02-14 15:53:46,358 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:46,358 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,375 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:46,375 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:46,375 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:46,375 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:46,375 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_161394511947371714522020
2020-02-14 15:53:46,375 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_161394511947371714522020 (size 0x7000)
2020-02-14 15:53:46,375 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:46,375 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:46,390 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4692
2020-02-14 15:53:46,390 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,390 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,390 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,390 [root] DEBUG: Loader: Injecting process 4692 (thread 4696) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,390 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,390 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,405 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:46,405 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,405 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4692
2020-02-14 15:53:46,421 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4692
2020-02-14 15:53:46,421 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,421 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,437 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,437 [root] DEBUG: Loader: Injecting process 4692 (thread 4696) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,437 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,437 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,437 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:46,437 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,437 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4692
2020-02-14 15:53:46,437 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:46,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:46,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:46,437 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:46,437 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:46,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:46,453 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:46,453 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_166261577648371714522020
2020-02-14 15:53:46,453 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_166261577648371714522020 (size 0xa000)
2020-02-14 15:53:46,453 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:46,453 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,453 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:46,467 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:46,467 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:46,467 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:46,467 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_34745183748371714522020
2020-02-14 15:53:46,483 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_34745183748371714522020 (size 0x7000)
2020-02-14 15:53:46,483 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:46,483 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:46,500 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5140
2020-02-14 15:53:46,500 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,500 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,500 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,500 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,500 [root] DEBUG: Loader: Injecting process 5140 (thread 5028) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,500 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,500 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,500 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:46,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,515 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5140
2020-02-14 15:53:46,530 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5140
2020-02-14 15:53:46,530 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,530 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,530 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,530 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,530 [root] DEBUG: Loader: Injecting process 5140 (thread 5028) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,530 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,530 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,530 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:46,530 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,530 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5140
2020-02-14 15:53:46,530 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:46,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:46,530 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:46,530 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:46,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:46,546 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,546 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:46,546 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:46,546 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_34795514049371714522020
2020-02-14 15:53:46,546 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_34795514049371714522020 (size 0xa000)
2020-02-14 15:53:46,546 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:46,546 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,546 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:46,546 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:46,546 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:46,546 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:46,562 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_101945768449371714522020
2020-02-14 15:53:46,562 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_101945768449371714522020 (size 0x7000)
2020-02-14 15:53:46,562 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:46,562 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:46,578 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5440
2020-02-14 15:53:46,608 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,608 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,608 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,608 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,608 [root] DEBUG: Loader: Injecting process 5440 (thread 5428) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,608 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,608 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,608 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:46,608 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,608 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5440
2020-02-14 15:53:46,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5440
2020-02-14 15:53:46,640 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,640 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,640 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,640 [root] DEBUG: Loader: Injecting process 5440 (thread 5428) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,655 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,655 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:46,655 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,655 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5440
2020-02-14 15:53:46,655 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:46,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:46,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:46,655 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:46,655 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:46,655 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,655 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:46,655 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:46,671 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_10486111650371714522020
2020-02-14 15:53:46,671 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_10486111650371714522020 (size 0xa000)
2020-02-14 15:53:46,671 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:46,671 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:46,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:46,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:46,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:46,687 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_211484361650371714522020
2020-02-14 15:53:46,687 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_211484361650371714522020 (size 0x7000)
2020-02-14 15:53:46,687 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:46,687 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:46,703 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5928
2020-02-14 15:53:46,703 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,703 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,703 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,703 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,703 [root] DEBUG: Loader: Injecting process 5928 (thread 5880) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,703 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,703 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,703 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:46,703 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,703 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5928
2020-02-14 15:53:46,733 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5928
2020-02-14 15:53:46,733 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,733 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,733 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,733 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,733 [root] DEBUG: Loader: Injecting process 5928 (thread 5880) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,733 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,733 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,733 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:46,733 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,750 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5928
2020-02-14 15:53:46,750 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:46,750 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:46,750 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:46,750 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:46,750 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:46,750 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,750 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:46,750 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:46,765 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_186090080051371714522020
2020-02-14 15:53:46,765 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_186090080051371714522020 (size 0xa000)
2020-02-14 15:53:46,765 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:46,765 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:46,765 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:46,765 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:46,765 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:46,828 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_149025167851371714522020
2020-02-14 15:53:46,828 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_149025167851371714522020 (size 0x7000)
2020-02-14 15:53:46,828 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:46,828 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:46,842 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4316
2020-02-14 15:53:46,842 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,842 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,842 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,842 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,842 [root] DEBUG: Loader: Injecting process 4316 (thread 4340) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,842 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,842 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,842 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:46,842 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,842 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4316
2020-02-14 15:53:46,875 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4316
2020-02-14 15:53:46,875 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,875 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,875 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,875 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,875 [root] DEBUG: Loader: Injecting process 4316 (thread 4340) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,875 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,890 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,890 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:46,890 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,890 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4316
2020-02-14 15:53:46,890 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:46,890 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:46,890 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:46,890 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:46,890 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:46,890 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,890 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:46,890 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:46,905 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_71827644852371714522020
2020-02-14 15:53:46,905 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_71827644852371714522020 (size 0xa000)
2020-02-14 15:53:46,905 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:46,905 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:46,905 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:46,905 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:46,905 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:46,921 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_200915849652371714522020
2020-02-14 15:53:46,921 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_200915849652371714522020 (size 0x7000)
2020-02-14 15:53:46,921 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:46,921 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:46,937 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4680
2020-02-14 15:53:46,937 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,937 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,937 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,937 [root] DEBUG: Loader: Injecting process 4680 (thread 4776) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,937 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,937 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,937 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:46,937 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,937 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4680
2020-02-14 15:53:46,967 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4680
2020-02-14 15:53:46,967 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:46,967 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:46,967 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:46,967 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:46,967 [root] DEBUG: Loader: Injecting process 4680 (thread 4776) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,967 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:46,983 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,983 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:46,983 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:46,983 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4680
2020-02-14 15:53:46,983 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:46,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:46,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:46,983 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:46,983 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:46,983 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:46,983 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:46,983 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:47,015 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_162138774452371714522020
2020-02-14 15:53:47,015 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_162138774452371714522020 (size 0xa000)
2020-02-14 15:53:47,015 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:47,015 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,015 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:47,015 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:47,015 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:47,015 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:47,030 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_135172978352371714522020
2020-02-14 15:53:47,030 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_135172978352371714522020 (size 0x7000)
2020-02-14 15:53:47,030 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:47,030 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:47,046 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5108
2020-02-14 15:53:47,062 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,062 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,062 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,062 [root] DEBUG: Loader: Injecting process 5108 (thread 5124) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,062 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,062 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,062 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:47,062 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,062 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5108
2020-02-14 15:53:47,092 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5108
2020-02-14 15:53:47,092 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,092 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,092 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,092 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,092 [root] DEBUG: Loader: Injecting process 5108 (thread 5124) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,092 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,092 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,092 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:47,092 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,092 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5108
2020-02-14 15:53:47,092 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:47,092 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:47,108 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:47,108 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:47,108 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:47,108 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,108 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:47,108 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:47,108 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_88410873653371714522020
2020-02-14 15:53:47,125 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_88410873653371714522020 (size 0xa000)
2020-02-14 15:53:47,125 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:47,125 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,125 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:47,125 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:47,125 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:47,125 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:47,233 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_178506050453371714522020
2020-02-14 15:53:47,233 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_178506050453371714522020 (size 0x7000)
2020-02-14 15:53:47,233 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:47,233 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:47,250 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5540
2020-02-14 15:53:47,250 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,250 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,250 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,250 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,250 [root] DEBUG: Loader: Injecting process 5540 (thread 5532) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,250 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,250 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,265 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:47,265 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,265 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5540
2020-02-14 15:53:47,280 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5540
2020-02-14 15:53:47,280 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,280 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,280 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,280 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,280 [root] DEBUG: Loader: Injecting process 5540 (thread 5532) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,280 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,280 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,280 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:47,296 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,296 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5540
2020-02-14 15:53:47,296 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:47,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:47,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:47,296 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:47,296 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:47,296 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,296 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:47,296 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:47,312 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_108193014455371714522020
2020-02-14 15:53:47,312 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_108193014455371714522020 (size 0xa000)
2020-02-14 15:53:47,312 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:47,312 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:47,312 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:47,312 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:47,312 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:47,342 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_113337229255371714522020
2020-02-14 15:53:47,342 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_113337229255371714522020 (size 0x7000)
2020-02-14 15:53:47,342 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:47,342 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:47,358 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6100
2020-02-14 15:53:47,358 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,358 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,358 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,358 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,358 [root] DEBUG: Loader: Injecting process 6100 (thread 6104) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,358 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,358 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,375 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:47,375 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,375 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6100
2020-02-14 15:53:47,390 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6100
2020-02-14 15:53:47,390 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,390 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,405 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,405 [root] DEBUG: Loader: Injecting process 6100 (thread 6104) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,405 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,405 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,405 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:47,405 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,405 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6100
2020-02-14 15:53:47,405 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:47,405 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:47,405 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:47,405 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:47,405 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:47,405 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,405 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:47,405 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:47,421 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_163736687655371714522020
2020-02-14 15:53:47,421 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_163736687655371714522020 (size 0xa000)
2020-02-14 15:53:47,421 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:47,421 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,421 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:47,421 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:47,421 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:47,421 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:47,437 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_49721890355371714522020
2020-02-14 15:53:47,437 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_49721890355371714522020 (size 0x7000)
2020-02-14 15:53:47,437 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:47,437 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:47,453 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4396
2020-02-14 15:53:47,453 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,453 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,453 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,453 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,453 [root] DEBUG: Loader: Injecting process 4396 (thread 4496) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,453 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,453 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,453 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:47,453 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,453 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4396
2020-02-14 15:53:47,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4396
2020-02-14 15:53:47,483 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,483 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,483 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,483 [root] DEBUG: Loader: Injecting process 4396 (thread 4496) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,483 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,483 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,483 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:47,483 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,483 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4396
2020-02-14 15:53:47,483 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:47,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:47,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:47,500 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:47,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:47,500 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,500 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:47,500 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:47,500 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_109697751256371714522020
2020-02-14 15:53:47,515 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_109697751256371714522020 (size 0xa000)
2020-02-14 15:53:47,515 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:47,515 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:47,515 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:47,515 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:47,515 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:47,515 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_139908470256371714522020
2020-02-14 15:53:47,530 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_139908470256371714522020 (size 0x7000)
2020-02-14 15:53:47,530 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:47,530 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:47,546 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4920
2020-02-14 15:53:47,546 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,546 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,546 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,546 [root] DEBUG: Loader: Injecting process 4920 (thread 4852) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,546 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,546 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,546 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:47,546 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,562 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4920
2020-02-14 15:53:47,578 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4920
2020-02-14 15:53:47,578 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,578 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,578 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,578 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,578 [root] DEBUG: Loader: Injecting process 4920 (thread 4852) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,578 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,578 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,578 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:47,578 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,592 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4920
2020-02-14 15:53:47,592 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:47,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:47,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:47,592 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:47,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:47,592 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,592 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:47,592 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:47,608 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_192553035657371714522020
2020-02-14 15:53:47,608 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_192553035657371714522020 (size 0xa000)
2020-02-14 15:53:47,608 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:47,608 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,608 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:47,608 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:47,608 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:47,608 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:47,625 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_72404746157371714522020
2020-02-14 15:53:47,625 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_72404746157371714522020 (size 0x7000)
2020-02-14 15:53:47,625 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:47,625 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:47,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5308
2020-02-14 15:53:47,640 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,640 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,640 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,640 [root] DEBUG: Loader: Injecting process 5308 (thread 5312) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,640 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:47,655 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,655 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5308
2020-02-14 15:53:47,671 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5308
2020-02-14 15:53:47,671 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,671 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,671 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,687 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,687 [root] DEBUG: Loader: Injecting process 5308 (thread 5312) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,687 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,687 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,687 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:47,687 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,687 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5308
2020-02-14 15:53:47,687 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:47,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:47,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:47,687 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:47,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:47,687 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,703 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:47,703 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:47,703 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_143936546558371714522020
2020-02-14 15:53:47,703 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_143936546558371714522020 (size 0xa000)
2020-02-14 15:53:47,703 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:47,703 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,717 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:47,717 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:47,717 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:47,717 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:47,717 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_155541184058371714522020
2020-02-14 15:53:47,717 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_155541184058371714522020 (size 0x7000)
2020-02-14 15:53:47,717 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:47,733 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:47,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5000
2020-02-14 15:53:47,750 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,750 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,750 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,750 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,750 [root] DEBUG: Loader: Injecting process 5000 (thread 5920) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,750 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,750 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,765 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:47,765 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,765 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5000
2020-02-14 15:53:47,780 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5000
2020-02-14 15:53:47,780 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,780 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,780 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,796 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,796 [root] DEBUG: Loader: Injecting process 5000 (thread 5920) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,796 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,796 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,796 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:47,796 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,796 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5000
2020-02-14 15:53:47,796 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:47,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:47,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:47,796 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:47,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:47,796 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,796 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:47,796 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:47,812 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_144562044159371714522020
2020-02-14 15:53:47,812 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_144562044159371714522020 (size 0xa000)
2020-02-14 15:53:47,812 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:47,812 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,812 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:47,812 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:47,812 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:47,812 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:47,828 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_127739837159371714522020
2020-02-14 15:53:47,842 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_127739837159371714522020 (size 0x7000)
2020-02-14 15:53:47,842 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:47,842 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:47,858 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4336
2020-02-14 15:53:47,858 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,858 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,858 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,858 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,858 [root] DEBUG: Loader: Injecting process 4336 (thread 4412) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,858 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,858 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,858 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:47,858 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,858 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4336
2020-02-14 15:53:47,890 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4336
2020-02-14 15:53:47,890 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,890 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,890 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,890 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,890 [root] DEBUG: Loader: Injecting process 4336 (thread 4412) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,890 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,890 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,890 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:47,890 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,890 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4336
2020-02-14 15:53:47,905 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:47,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:47,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:47,905 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:47,905 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:47,905 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,905 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:47,905 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:47,921 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_19672740530381714522020
2020-02-14 15:53:47,921 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_19672740530381714522020 (size 0xa000)
2020-02-14 15:53:47,921 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:47,921 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:47,921 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:47,921 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:47,921 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:47,921 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:47,921 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_3935164180381714522020
2020-02-14 15:53:47,921 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_3935164180381714522020 (size 0x7000)
2020-02-14 15:53:47,937 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:47,937 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:47,953 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4844
2020-02-14 15:53:47,967 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,967 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,967 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:47,967 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:47,967 [root] DEBUG: Loader: Injecting process 4844 (thread 4916) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,967 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:47,967 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,967 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:47,967 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:47,967 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4844
2020-02-14 15:53:47,983 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4844
2020-02-14 15:53:47,983 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:47,983 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:47,983 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,000 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,000 [root] DEBUG: Loader: Injecting process 4844 (thread 4916) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,000 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,000 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,000 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:48,000 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,000 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4844
2020-02-14 15:53:48,000 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:48,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:48,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:48,000 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:48,000 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:48,000 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,000 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:48,000 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:48,030 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_4844361041381714522020
2020-02-14 15:53:48,030 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_4844361041381714522020 (size 0xa000)
2020-02-14 15:53:48,030 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:48,030 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,030 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:48,030 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:48,030 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:48,030 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:48,046 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_8870246781381714522020
2020-02-14 15:53:48,046 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_8870246781381714522020 (size 0x7000)
2020-02-14 15:53:48,046 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:48,062 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:48,078 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5416
2020-02-14 15:53:48,078 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,078 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,078 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,078 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,078 [root] DEBUG: Loader: Injecting process 5416 (thread 5448) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,078 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,078 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,078 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:48,078 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,078 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5416
2020-02-14 15:53:48,108 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5416
2020-02-14 15:53:48,108 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,108 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,108 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,108 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,125 [root] DEBUG: Loader: Injecting process 5416 (thread 5448) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,125 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,125 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,125 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:48,125 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,125 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5416
2020-02-14 15:53:48,125 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:48,125 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:48,125 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:48,125 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:48,125 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:48,125 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,125 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:48,125 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:48,140 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_13562053182381714522020
2020-02-14 15:53:48,140 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_13562053182381714522020 (size 0xa000)
2020-02-14 15:53:48,140 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:48,140 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,140 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:48,140 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:48,140 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:48,140 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:48,155 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_9162825982381714522020
2020-02-14 15:53:48,155 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_9162825982381714522020 (size 0x7000)
2020-02-14 15:53:48,155 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:48,155 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:48,171 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5944
2020-02-14 15:53:48,171 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,171 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,171 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,171 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,171 [root] DEBUG: Loader: Injecting process 5944 (thread 4936) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,171 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,171 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,171 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:48,171 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,171 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5944
2020-02-14 15:53:48,203 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5944
2020-02-14 15:53:48,203 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,203 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,203 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,203 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,203 [root] DEBUG: Loader: Injecting process 5944 (thread 4936) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,203 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,203 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,203 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:48,203 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,217 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5944
2020-02-14 15:53:48,217 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:48,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:48,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:48,217 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:48,217 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:48,217 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,217 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:48,217 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:48,233 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_17469570582381714522020
2020-02-14 15:53:48,233 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_17469570582381714522020 (size 0xa000)
2020-02-14 15:53:48,233 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:48,233 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,233 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:48,233 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:48,233 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:48,233 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:48,250 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_19021799112381714522020
2020-02-14 15:53:48,250 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_19021799112381714522020 (size 0x7000)
2020-02-14 15:53:48,250 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:48,250 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:48,265 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4468
2020-02-14 15:53:48,265 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,265 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,265 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,265 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,265 [root] DEBUG: Loader: Injecting process 4468 (thread 4500) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,265 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,265 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,265 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:48,265 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,280 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4468
2020-02-14 15:53:48,296 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4468
2020-02-14 15:53:48,296 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,296 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,296 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,312 [root] DEBUG: Loader: Injecting process 4468 (thread 4500) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,312 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,312 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,312 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:48,312 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,312 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4468
2020-02-14 15:53:48,312 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:48,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:48,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:48,312 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:48,312 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:48,312 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,312 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:48,312 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:48,328 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_9679446954381714522020
2020-02-14 15:53:48,328 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_9679446954381714522020 (size 0xa000)
2020-02-14 15:53:48,328 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:48,328 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,328 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:48,328 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:48,328 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:48,328 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:48,342 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_11769271214381714522020
2020-02-14 15:53:48,342 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_11769271214381714522020 (size 0x7000)
2020-02-14 15:53:48,342 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:48,342 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:48,358 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5192
2020-02-14 15:53:48,358 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,358 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,358 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,358 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,358 [root] DEBUG: Loader: Injecting process 5192 (thread 5024) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,358 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,358 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,358 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:48,358 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,358 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5192
2020-02-14 15:53:48,390 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5192
2020-02-14 15:53:48,390 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,390 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,390 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,390 [root] DEBUG: Loader: Injecting process 5192 (thread 5024) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,390 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,390 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,390 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:48,390 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,390 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5192
2020-02-14 15:53:48,390 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:48,390 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:48,390 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:48,390 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:48,405 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:48,405 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,405 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:48,405 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:48,405 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_15440956015381714522020
2020-02-14 15:53:48,405 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_15440956015381714522020 (size 0xa000)
2020-02-14 15:53:48,405 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:48,405 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,405 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:48,405 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:48,421 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:48,421 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:48,421 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_4699512545381714522020
2020-02-14 15:53:48,421 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_4699512545381714522020 (size 0x7000)
2020-02-14 15:53:48,421 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:48,437 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:48,453 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5632
2020-02-14 15:53:48,453 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,453 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,453 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,453 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,453 [root] DEBUG: Loader: Injecting process 5632 (thread 5528) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,453 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,453 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,453 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:48,453 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,453 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5632
2020-02-14 15:53:48,483 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5632
2020-02-14 15:53:48,483 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,483 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,483 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,483 [root] DEBUG: Loader: Injecting process 5632 (thread 5528) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,483 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,483 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,483 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:48,500 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5632
2020-02-14 15:53:48,500 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:48,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:48,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:48,500 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:48,500 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:48,500 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,500 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:48,500 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:48,515 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_12089639855381714522020
2020-02-14 15:53:48,515 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_12089639855381714522020 (size 0xa000)
2020-02-14 15:53:48,515 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:48,515 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,515 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:48,515 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:48,515 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:48,515 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:48,515 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_13133043325381714522020
2020-02-14 15:53:48,515 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_13133043325381714522020 (size 0x7000)
2020-02-14 15:53:48,515 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:48,515 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:48,546 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6092
2020-02-14 15:53:48,546 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,546 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,562 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,562 [root] DEBUG: Loader: Injecting process 6092 (thread 6080) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,562 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,562 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,562 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:48,562 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,562 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6092
2020-02-14 15:53:48,578 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 6092
2020-02-14 15:53:48,578 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,578 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,578 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,592 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,592 [root] DEBUG: Loader: Injecting process 6092 (thread 6080) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,592 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,592 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,592 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:48,592 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,592 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 6092
2020-02-14 15:53:48,592 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:48,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:48,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:48,592 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:48,592 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:48,592 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,592 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:48,608 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:48,608 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_6823110866381714522020
2020-02-14 15:53:48,608 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_6823110866381714522020 (size 0xa000)
2020-02-14 15:53:48,608 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:48,608 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,608 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:48,608 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:48,625 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:48,625 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:48,625 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_4750267566381714522020
2020-02-14 15:53:48,625 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_4750267566381714522020 (size 0x7000)
2020-02-14 15:53:48,625 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:48,625 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:48,640 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4876
2020-02-14 15:53:48,640 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,640 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,640 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,640 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,640 [root] DEBUG: Loader: Injecting process 4876 (thread 1412) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,640 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,640 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:48,640 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,640 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4876
2020-02-14 15:53:48,655 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 4876
2020-02-14 15:53:48,655 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,655 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,655 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,671 [root] DEBUG: Loader: Injecting process 4876 (thread 1412) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,671 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,671 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,671 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:48,671 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4876
2020-02-14 15:53:48,671 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:48,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:48,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:48,671 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:48,671 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:48,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:48,671 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:48,687 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_294881047381714522020
2020-02-14 15:53:48,687 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_294881047381714522020 (size 0xa000)
2020-02-14 15:53:48,687 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:48,687 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,687 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:48,687 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:48,687 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:48,687 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:48,703 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_18391277207381714522020
2020-02-14 15:53:48,703 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_18391277207381714522020 (size 0x7000)
2020-02-14 15:53:48,703 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:48,703 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:48,717 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5464
2020-02-14 15:53:48,717 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,717 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,717 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,717 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,717 [root] DEBUG: Loader: Injecting process 5464 (thread 5468) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,717 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,717 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,717 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 15:53:48,717 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,733 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5464
2020-02-14 15:53:48,750 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5464
2020-02-14 15:53:48,750 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,750 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,750 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,765 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,765 [root] DEBUG: Loader: Injecting process 5464 (thread 5468) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,765 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,765 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,765 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 15:53:48,765 [root] DEBUG: Successfully injected DLL C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,765 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5464
2020-02-14 15:53:48,765 [root] DEBUG: NtTerminateProcess hook: Processing tracked regions before shutdown (process 2396).
2020-02-14 15:53:48,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00000000.
2020-02-14 15:53:48,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00400000.
2020-02-14 15:53:48,765 [root] DEBUG: ProcessImageBase: EP 0x00001234 image base 0x00400000 size 0x0 entropy -nan(ind).
2020-02-14 15:53:48,765 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x001E0000.
2020-02-14 15:53:48,780 [root] DEBUG: DumpPEsInRange: Scanning range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,780 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x1e0000-0x1ea000.
2020-02-14 15:53:48,780 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x001E0000 - 0x001EA000.
2020-02-14 15:53:48,780 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_5576708448381714522020
2020-02-14 15:53:48,780 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_5576708448381714522020 (size 0xa000)
2020-02-14 15:53:48,780 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x001E0000.
2020-02-14 15:53:48,796 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x1e0000 - 0x1ea000.
2020-02-14 15:53:48,796 [root] DEBUG: ProcessTrackedRegions: Processing region at 0x00290000.
2020-02-14 15:53:48,796 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x297000.
2020-02-14 15:53:48,796 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x297000.
2020-02-14 15:53:48,796 [root] DEBUG: DumpPEsInTrackedRegion: No PE images found in range range 0x00290000 - 0x00297000.
2020-02-14 15:53:48,796 [root] INFO: Added new CAPE file to list with path: C:\xnyzWYeX\CAPE\2396_12234143958381714522020
2020-02-14 15:53:48,796 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\xnyzWYeX\CAPE\2396_12234143958381714522020 (size 0x7000)
2020-02-14 15:53:48,796 [root] DEBUG: ProcessTrackedRegion: dumped executable memory range at 0x00290000.
2020-02-14 15:53:48,796 [root] DEBUG: ClearBreakpointsInRange: Clearing breakpoints in range 0x290000 - 0x297000.
2020-02-14 15:53:48,812 [root] INFO: Announced 32-bit process name: PRODUCT INQUIRY.exe pid: 5908
2020-02-14 15:53:48,905 [lib.api.process] INFO: Option 'extraction' with value '1' sent to monitor
2020-02-14 15:53:48,905 [lib.api.process] INFO: Option 'procdump' with value '0' sent to monitor
2020-02-14 15:53:48,905 [lib.api.process] INFO: 32-bit DLL to inject is C:\fijzxxkep\dll\UUvpFe.dll, loader C:\fijzxxkep\bin\raHySvl.exe
2020-02-14 15:53:48,905 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\FqDEwXz.
2020-02-14 15:53:48,905 [root] DEBUG: Loader: Injecting process 5908 (thread 4112) with C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,905 [root] DEBUG: Process image base: 0x00400000
2020-02-14 15:53:48,905 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\fijzxxkep\dll\UUvpFe.dll.
2020-02-14 15:53:48,905 [root] DEBUG: InjectDllViaIAT: Success