Analysis

Category: FILE
Package: exe
Started: 2020-02-14 17:50:02
Completed: 2020-02-14 17:56:02
Duration: 360 seconds
  • Info: The analysis hit the critical timeout, terminating.

Options:
route = inetsim
import_reconstruction = 1
procdump = 1

Log:
2020-02-14 18:50:18,000 [root] INFO: Date set to: 02-14-20, time set to: 17:50:18, timeout set to: 200
2020-02-14 18:50:18,046 [root] DEBUG: Starting analyzer from: C:\vxsrykg
2020-02-14 18:50:18,046 [root] DEBUG: Storing results at: C:\ATKVeLtUo
2020-02-14 18:50:18,046 [root] DEBUG: Pipe server name: \\.\PIPE\EBatGwfyxd
2020-02-14 18:50:18,046 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-02-14 18:50:18,046 [root] INFO: Automatically selected analysis package "exe"
2020-02-14 18:50:19,467 [root] DEBUG: Started auxiliary module Browser
2020-02-14 18:50:19,467 [root] DEBUG: Started auxiliary module Curtain
2020-02-14 18:50:19,467 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2020-02-14 18:50:20,140 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-02-14 18:50:20,140 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-02-14 18:50:20,140 [root] DEBUG: Started auxiliary module DigiSig
2020-02-14 18:50:20,140 [root] DEBUG: Started auxiliary module Disguise
2020-02-14 18:50:20,140 [root] DEBUG: Started auxiliary module Human
2020-02-14 18:50:20,140 [root] DEBUG: Started auxiliary module Screenshots
2020-02-14 18:50:20,140 [root] DEBUG: Started auxiliary module Sysmon
2020-02-14 18:50:20,140 [root] DEBUG: Started auxiliary module Usage
2020-02-14 18:50:20,140 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-02-14 18:50:20,140 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-02-14 18:50:21,062 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Rebecca\AppData\Local\Temp\LockBit.exe" with arguments "" with pid 3072
2020-02-14 18:50:23,733 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:50:23,733 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:50:23,733 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:50:24,250 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:50:24,421 [root] DEBUG: Loader: Injecting process 3072 (thread 3212) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:24,437 [root] DEBUG: Process image base: 0x00400000
2020-02-14 18:50:24,467 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:24,467 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:50:24,467 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:24,467 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3072
2020-02-14 18:50:26,467 [lib.api.process] INFO: Successfully resumed process with pid 3072
2020-02-14 18:50:26,467 [root] INFO: Added new process to list with pid: 3072
2020-02-14 18:50:27,750 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:50:27,750 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:50:27,765 [root] DEBUG: Process dumps enabled.
2020-02-14 18:50:28,217 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:50:28,217 [root] INFO: Disabling sleep skipping.
2020-02-14 18:50:28,217 [root] INFO: Disabling sleep skipping.
2020-02-14 18:50:28,217 [root] INFO: Disabling sleep skipping.
2020-02-14 18:50:28,217 [root] INFO: Disabling sleep skipping.
2020-02-14 18:50:28,217 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 3072 at 0x6a0f0000, image base 0x400000, stack from 0x126000-0x130000
2020-02-14 18:50:28,217 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\"C:\Users\Rebecca\AppData\Local\Temp\LockBit.exe".
2020-02-14 18:50:28,217 [root] INFO: Monitor successfully loaded in process with pid 3072.
2020-02-14 18:50:28,233 [root] DEBUG: DLL loaded at 0x746E0000: C:\Windows\system32\bcrypt (0x17000 bytes).
2020-02-14 18:50:28,233 [root] DEBUG: DLL loaded at 0x74660000: C:\Windows\system32\bcryptprimitives (0x3d000 bytes).
2020-02-14 18:50:28,342 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2020-02-14 18:50:28,437 [root] DEBUG: DLL loaded at 0x737B0000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2020-02-14 18:50:28,483 [root] DEBUG: DLL loaded at 0x76160000: C:\Windows\system32\OLEAUT32 (0x91000 bytes).
2020-02-14 18:50:28,546 [root] DEBUG: DLL loaded at 0x73AF0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32 (0x19e000 bytes).
2020-02-14 18:50:28,592 [root] DEBUG: DLL loaded at 0x74A70000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-02-14 18:50:28,640 [root] DEBUG: DLL loaded at 0x756F0000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-02-14 18:50:28,687 [root] DEBUG: DLL loaded at 0x6E030000: C:\Windows\System32\ieframe (0xd12000 bytes).
2020-02-14 18:50:28,733 [root] DEBUG: DLL loaded at 0x74D90000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2020-02-14 18:50:28,765 [root] DEBUG: DLL loaded at 0x74E60000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-02-14 18:50:28,812 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2020-02-14 18:50:28,858 [root] DEBUG: DLL loaded at 0x6DCB0000: C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2020-02-14 18:50:28,905 [root] DEBUG: DLL loaded at 0x74E40000: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2020-02-14 18:50:28,953 [root] DEBUG: DLL loaded at 0x74060000: C:\Windows\system32\version (0x9000 bytes).
2020-02-14 18:50:28,983 [root] DEBUG: DLL loaded at 0x74E10000: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2020-02-14 18:50:29,030 [root] DEBUG: DLL loaded at 0x75120000: C:\Windows\system32\normaliz (0x3000 bytes).
2020-02-14 18:50:29,062 [root] DEBUG: DLL loaded at 0x75F20000: C:\Windows\system32\iertutil (0x236000 bytes).
2020-02-14 18:50:29,108 [root] DEBUG: DLL loaded at 0x72A90000: C:\Windows\System32\WINHTTP (0x58000 bytes).
2020-02-14 18:50:29,155 [root] DEBUG: DLL loaded at 0x72430000: C:\Windows\System32\webio (0x50000 bytes).
2020-02-14 18:50:29,155 [root] DEBUG: DLL unloaded from 0x75290000.
2020-02-14 18:50:29,187 [root] DEBUG: DLL loaded at 0x73760000: C:\Windows\system32\ntmarta (0x21000 bytes).
2020-02-14 18:50:29,187 [root] DEBUG: DLL loaded at 0x76FC0000: C:\Windows\system32\WLDAP32 (0x45000 bytes).
2020-02-14 18:50:29,296 [root] DEBUG: DLL loaded at 0x75530000: C:\Windows\system32\SETUPAPI (0x19d000 bytes).
2020-02-14 18:50:29,296 [root] DEBUG: DLL loaded at 0x74D60000: C:\Windows\system32\CFGMGR32 (0x27000 bytes).
2020-02-14 18:50:29,312 [root] DEBUG: DLL loaded at 0x74DA0000: C:\Windows\system32\DEVOBJ (0x12000 bytes).
2020-02-14 18:50:29,312 [root] DEBUG: DLL loaded at 0x70790000: C:\Windows\system32\cscapi (0xb000 bytes).
2020-02-14 18:50:29,312 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\system32\profapi (0xb000 bytes).
2020-02-14 18:50:29,312 [root] DEBUG: DLL loaded at 0x75380000: C:\Windows\system32\urlmon (0x150000 bytes).
2020-02-14 18:50:29,312 [root] DEBUG: DLL loaded at 0x74E50000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-02-14 18:50:29,796 [root] DEBUG: DLL loaded at 0x75AE0000: C:\Windows\system32\WININET (0x437000 bytes).
2020-02-14 18:50:29,796 [root] DEBUG: DLL loaded at 0x74E20000: C:\Windows\system32\USERENV (0x17000 bytes).
2020-02-14 18:50:29,796 [root] DEBUG: DLL loaded at 0x74850000: C:\Windows\system32\Secur32 (0x8000 bytes).
2020-02-14 18:50:29,905 [root] INFO: Announced 32-bit process name: cmd.exe pid: 2904
2020-02-14 18:50:29,905 [root] DEBUG: DLL loaded at 0x72D30000: C:\Windows\system32\dhcpcsvc (0x12000 bytes).
2020-02-14 18:50:29,921 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:50:29,921 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:50:29,921 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:50:29,921 [root] DEBUG: DLL unloaded from 0x76200000.
2020-02-14 18:50:29,921 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:50:29,921 [root] DEBUG: Loader: Injecting process 2904 (thread 2640) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:29,921 [root] DEBUG: Process image base: 0x4A890000
2020-02-14 18:50:29,921 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:29,921 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:50:29,921 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:29,937 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2904
2020-02-14 18:50:29,937 [root] DEBUG: DLL loaded at 0x74550000: C:\Windows\system32\mswsock (0x3c000 bytes).
2020-02-14 18:50:29,937 [root] DEBUG: DLL loaded at 0x740F0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2020-02-14 18:50:30,000 [root] INFO: Announced 32-bit process name: cmd.exe pid: 2904
2020-02-14 18:50:30,000 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:50:30,000 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:50:30,000 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:50:30,000 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:50:30,000 [root] DEBUG: Loader: Injecting process 2904 (thread 2640) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:30,000 [root] DEBUG: Process image base: 0x4A890000
2020-02-14 18:50:30,000 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:30,000 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 18:50:30,000 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:30,015 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2904
2020-02-14 18:50:30,187 [root] DEBUG: DLL loaded at 0x6C780000: C:\Windows\system32\sfc (0x3000 bytes).
2020-02-14 18:50:30,203 [root] DEBUG: DLL loaded at 0x6C0F0000: C:\Windows\system32\sfc_os (0xd000 bytes).
2020-02-14 18:50:30,312 [root] DEBUG: DLL unloaded from 0x6C780000.
2020-02-14 18:50:30,328 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:50:30,328 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:50:30,328 [root] DEBUG: Process dumps enabled.
2020-02-14 18:50:30,342 [root] INFO: Disabling sleep skipping.
2020-02-14 18:50:30,342 [root] DEBUG: DLL unloaded from 0x6E030000.
2020-02-14 18:50:30,342 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:50:30,342 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 2904 at 0x6a0f0000, image base 0x4a890000, stack from 0xd3000-0x1d0000
2020-02-14 18:50:30,342 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\"C:\Windows\System32\cmd.exe" \c vssadmin delete shadows \all \quiet & wmic shadowcopy delete & bcdedit \set {default} bootstatuspolicy ignoreallfailures & bcdedit \set {default} recoveryenabled no & wbad
2020-02-14 18:50:30,342 [root] INFO: Added new process to list with pid: 2904
2020-02-14 18:50:30,342 [root] INFO: Monitor successfully loaded in process with pid 2904.
2020-02-14 18:50:30,578 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:50:30,828 [root] DEBUG: DLL unloaded from 0x76200000.
2020-02-14 18:50:30,828 [root] INFO: Announced 32-bit process name: vssadmin.exe pid: 2756
2020-02-14 18:50:30,828 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:50:30,828 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:50:30,828 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:50:30,828 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:50:30,828 [root] DEBUG: Loader: Injecting process 2756 (thread 2128) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:30,828 [root] DEBUG: Process image base: 0x00750000
2020-02-14 18:50:30,828 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:30,875 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:50:30,875 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:30,875 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2756
2020-02-14 18:50:30,875 [root] DEBUG: DLL loaded at 0x74A70000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-02-14 18:50:30,921 [root] INFO: Announced 32-bit process name: vssadmin.exe pid: 2756
2020-02-14 18:50:30,921 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:50:30,921 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:50:30,921 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:50:30,921 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:50:30,921 [root] DEBUG: Loader: Injecting process 2756 (thread 2128) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:30,921 [root] DEBUG: Process image base: 0x00750000
2020-02-14 18:50:30,921 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:30,921 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 18:50:30,921 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:30,921 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2756
2020-02-14 18:50:31,140 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:50:31,140 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:50:31,140 [root] DEBUG: Process dumps enabled.
2020-02-14 18:50:31,155 [root] INFO: Disabling sleep skipping.
2020-02-14 18:50:31,155 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:50:31,155 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 2756 at 0x6a0f0000, image base 0x750000, stack from 0x1b6000-0x1c0000
2020-02-14 18:50:31,171 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\vssadmin  delete shadows \all \quiet.
2020-02-14 18:50:31,171 [root] INFO: Added new process to list with pid: 2756
2020-02-14 18:50:31,171 [root] INFO: Monitor successfully loaded in process with pid 2756.
2020-02-14 18:50:31,171 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2020-02-14 18:50:31,171 [root] DEBUG: DLL loaded at 0x756F0000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-02-14 18:50:31,187 [root] DEBUG: DLL loaded at 0x74590000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-02-14 18:50:31,187 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-02-14 18:50:31,187 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-02-14 18:50:31,467 [root] INFO: Announced 32-bit process name: vssadmin.exe pid: 3972
2020-02-14 18:50:31,467 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:50:31,483 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:50:31,483 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:50:31,483 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:50:31,483 [root] DEBUG: Loader: Injecting process 3972 (thread 648) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:31,483 [root] DEBUG: Process image base: 0x00750000
2020-02-14 18:50:31,483 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:31,483 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:50:31,483 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:31,483 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3972
2020-02-14 18:50:31,515 [root] INFO: Announced 32-bit process name: vssadmin.exe pid: 3972
2020-02-14 18:50:31,515 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:50:31,515 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:50:31,515 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:50:31,608 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:50:31,640 [root] DEBUG: Loader: Injecting process 3972 (thread 648) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:31,717 [root] DEBUG: Process image base: 0x00750000
2020-02-14 18:50:31,750 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:31,842 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 18:50:31,937 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:31,953 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3972
2020-02-14 18:50:32,155 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:50:32,155 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:50:32,203 [root] DEBUG: Process dumps enabled.
2020-02-14 18:50:32,250 [root] INFO: Disabling sleep skipping.
2020-02-14 18:50:32,296 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:50:32,312 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 3972 at 0x6a0f0000, image base 0x750000, stack from 0xd6000-0xe0000
2020-02-14 18:50:32,421 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\vssadmin.exe Delete Shadows \All \Quiet.
2020-02-14 18:50:32,453 [root] DEBUG: DLL loaded at 0x6A4B0000: C:\Windows\system32\vss_ps (0xa000 bytes).
2020-02-14 18:50:32,453 [root] INFO: Added new process to list with pid: 3972
2020-02-14 18:50:32,453 [root] INFO: Monitor successfully loaded in process with pid 3972.
2020-02-14 18:50:32,500 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2020-02-14 18:50:32,562 [root] DEBUG: DLL loaded at 0x756F0000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-02-14 18:50:32,562 [root] DEBUG: DLL loaded at 0x74590000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-02-14 18:50:32,562 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-02-14 18:50:32,562 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-02-14 18:50:32,578 [root] DEBUG: DLL loaded at 0x6A4B0000: C:\Windows\system32\vss_ps (0xa000 bytes).
2020-02-14 18:50:37,062 [lib.common.results] ERROR: Exception uploading file C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\AcroForm.api to host: [Errno 10053] An established connection was aborted by the software in your host machine
2020-02-14 18:50:47,562 [root] DEBUG: DLL unloaded from 0x6A4B0000.
2020-02-14 18:50:47,562 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 3972
2020-02-14 18:50:47,562 [root] DEBUG: GetHookCallerBase: thread 648 (handle 0x0), return address 0x00761DE9, allocation base 0x00750000.
2020-02-14 18:50:47,562 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00750000.
2020-02-14 18:50:47,562 [root] DEBUG: ApiReader: module list size: 27
2020-02-14 18:50:47,562 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,562 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,625 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,655 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:47,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:47,671 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:47,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:47,671 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:50:47,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:50:47,671 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:50:47,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:50:47,671 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:50:47,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:50:47,671 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:50:47,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:50:47,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:47,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:47,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:47,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:50:47,687 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:50:47,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:50:47,687 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:50:47,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:50:47,687 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:50:47,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:50:47,687 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:50:47,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:50:47,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:47,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:47,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:47,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:47,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:47,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:47,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:47,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:47,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:47,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:47,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:47,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:47,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:47,780 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:50:47,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:50:47,780 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\atl.dll
2020-02-14 18:50:47,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\atl.dll
2020-02-14 18:50:47,780 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\vsstrace.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\vsstrace.dll
2020-02-14 18:50:47,796 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:50:47,796 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\vssapi.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\vssapi.dll
2020-02-14 18:50:47,796 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:47,796 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:50:47,796 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:47,812 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:50:47,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:50:47,812 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:50:47,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:50:47,812 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:50:47,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:50:47,812 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:50:47,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:50:47,812 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2020-02-14 18:50:47,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2020-02-14 18:50:47,812 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2020-02-14 18:50:47,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2020-02-14 18:50:47,812 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00750000
2020-02-14 18:50:47,812 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00761F03
2020-02-14 18:50:48,171 [root] DEBUG: DLL unloaded from 0x6A4B0000.
2020-02-14 18:50:48,171 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2756
2020-02-14 18:50:48,171 [root] DEBUG: GetHookCallerBase: thread 2128 (handle 0x0), return address 0x00761DE9, allocation base 0x00750000.
2020-02-14 18:50:48,171 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00750000.
2020-02-14 18:50:48,171 [root] DEBUG: ApiReader: module list size: 27
2020-02-14 18:50:48,171 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,171 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,280 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,280 [root] DEBUG: Module image dump success
2020-02-14 18:50:48,280 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:48,280 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x750ffc, size: 0x258
2020-02-14 18:50:48,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:48,296 [root] DEBUG: IAT parsing finished, found 141 valid APIs, missed 0 APIs
2020-02-14 18:50:48,296 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:50:48,296 [root] DEBUG: Adding module to module list: advapi32.dll
2020-02-14 18:50:48,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:50:48,296 [root] DEBUG: Adding module to module list: atl.dll
2020-02-14 18:50:48,296 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:50:48,296 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:50:48,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:50:48,296 [root] DEBUG: Adding module to module list: oleaut32.dll
2020-02-14 18:50:48,296 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:50:48,296 [root] DEBUG: Adding module to module list: user32.dll
2020-02-14 18:50:48,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:50:48,296 [root] DEBUG: Adding module to module list: vssapi.dll
2020-02-14 18:50:48,296 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:50:48,296 [root] DEBUG: Adding module to module list: vsstrace.dll
2020-02-14 18:50:48,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:50:48,296 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-02-14 18:50:48,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,296 [root] DEBUG: Adding module to module list: ole32.dll
2020-02-14 18:50:48,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,296 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-02-14 18:50:48,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,296 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:48,312 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:48,312 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:50:48,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:50:48,312 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:50:48,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:50:48,328 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:50:48,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:50:48,328 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:50:48,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:50:48,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:48,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:48,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:48,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:50:48,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:50:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:50:48,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\atl.dll
2020-02-14 18:50:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\atl.dll
2020-02-14 18:50:48,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\vsstrace.dll
2020-02-14 18:50:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\vsstrace.dll
2020-02-14 18:50:48,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:50:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:50:48,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\vssapi.dll
2020-02-14 18:50:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\vssapi.dll
2020-02-14 18:50:48,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:50:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:50:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:50:48,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:50:48,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:50:48,437 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:50:48,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:50:48,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,453 [root] INFO: Added new CAPE file to list with path: C:\ATKVeLtUo\CAPE\3972_7324189354812215622020
2020-02-14 18:50:48,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:48,467 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:50:48,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:50:48,467 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:50:48,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:50:48,467 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:50:48,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:50:48,467 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:50:48,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:50:48,467 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2020-02-14 18:50:48,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2020-02-14 18:50:48,467 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2020-02-14 18:50:48,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2020-02-14 18:50:48,467 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00750000
2020-02-14 18:50:48,467 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00761F03
2020-02-14 18:50:48,483 [root] DEBUG: Module image dump success
2020-02-14 18:50:48,483 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x750ffc, size: 0x258
2020-02-14 18:50:48,483 [root] DEBUG: IAT parsing finished, found 141 valid APIs, missed 0 APIs
2020-02-14 18:50:48,500 [root] DEBUG: Adding module to module list: advapi32.dll
2020-02-14 18:50:48,500 [root] INFO: Process with pid 3972 has terminated
2020-02-14 18:50:48,500 [root] DEBUG: Adding module to module list: atl.dll
2020-02-14 18:50:48,500 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:50:48,500 [root] DEBUG: Adding module to module list: oleaut32.dll
2020-02-14 18:50:48,500 [root] DEBUG: Adding module to module list: user32.dll
2020-02-14 18:50:48,500 [root] DEBUG: Adding module to module list: vssapi.dll
2020-02-14 18:50:48,500 [root] DEBUG: Adding module to module list: vsstrace.dll
2020-02-14 18:50:48,500 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-02-14 18:50:48,515 [root] DEBUG: Adding module to module list: ole32.dll
2020-02-14 18:50:48,515 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-02-14 18:50:48,515 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-02-14 18:50:48,515 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-02-14 18:50:48,655 [root] INFO: Added new CAPE file to list with path: C:\ATKVeLtUo\CAPE\2756_18649099064812215622020
2020-02-14 18:50:48,890 [root] DEBUG: DLL unloaded from 0x75270000.
2020-02-14 18:50:48,905 [root] DEBUG: DLL unloaded from 0x75270000.
2020-02-14 18:50:48,905 [root] INFO: Notified of termination of process with pid 2756.
2020-02-14 18:50:49,796 [root] INFO: Announced 32-bit process name: WMIC.exe pid: 3596
2020-02-14 18:50:49,858 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:50:49,858 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:50:49,858 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:50:50,078 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:50:50,078 [root] INFO: Announced 32-bit process name: bcdedit.exe pid: 4004
2020-02-14 18:50:50,140 [root] DEBUG: Loader: Injecting process 3596 (thread 2336) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:50,140 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:50:50,140 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:50:50,140 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:50:50,233 [root] DEBUG: Process image base: 0x00060000
2020-02-14 18:50:50,280 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:50,375 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:50:50,421 [root] DEBUG: Loader: Injecting process 4004 (thread 2800) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:50,500 [root] DEBUG: Process image base: 0x00FD0000
2020-02-14 18:50:50,592 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:51,530 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:50:51,578 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:51,625 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4004
2020-02-14 18:50:51,671 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:50:51,765 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:51,812 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3596
2020-02-14 18:50:51,905 [root] INFO: Announced 32-bit process name: WMIC.exe pid: 3596
2020-02-14 18:50:51,905 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:50:51,905 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:50:51,905 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:50:52,062 [root] INFO: Announced 32-bit process name: bcdedit.exe pid: 4004
2020-02-14 18:50:52,062 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:50:52,062 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:50:52,092 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:50:52,155 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:50:52,265 [root] DEBUG: Loader: Injecting process 3596 (thread 2336) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:52,312 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:50:52,312 [root] DEBUG: Process image base: 0x00060000
2020-02-14 18:50:52,405 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:52,405 [root] DEBUG: Loader: Injecting process 4004 (thread 2800) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:52,467 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 18:50:52,562 [root] DEBUG: Process image base: 0x00FD0000
2020-02-14 18:50:52,562 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:52,608 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3596
2020-02-14 18:50:52,608 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:52,671 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 18:50:52,733 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:50:52,780 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4004
2020-02-14 18:50:53,155 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:50:53,155 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:50:53,265 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:50:53,328 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:50:53,328 [root] DEBUG: Process dumps enabled.
2020-02-14 18:50:53,405 [root] DEBUG: Process dumps enabled.
2020-02-14 18:50:53,546 [root] INFO: Disabling sleep skipping.
2020-02-14 18:50:53,592 [root] INFO: Disabling sleep skipping.
2020-02-14 18:50:53,592 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:50:53,640 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 4004 at 0x6a0f0000, image base 0xfd0000, stack from 0x236000-0x240000
2020-02-14 18:50:53,640 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:50:53,703 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\bcdedit.exe \set {default} recoveryenabled No.
2020-02-14 18:50:53,703 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 3596 at 0x6a0f0000, image base 0x60000, stack from 0x196000-0x1a0000
2020-02-14 18:50:53,750 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\wmic  shadowcopy delete.
2020-02-14 18:50:53,750 [root] INFO: Added new process to list with pid: 4004
2020-02-14 18:50:53,750 [root] INFO: Monitor successfully loaded in process with pid 4004.
2020-02-14 18:50:53,796 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:50:53,796 [root] INFO: Added new process to list with pid: 3596
2020-02-14 18:50:53,796 [root] INFO: Monitor successfully loaded in process with pid 3596.
2020-02-14 18:50:53,842 [root] DEBUG: DLL unloaded from 0x00FD0000.
2020-02-14 18:50:53,937 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 4004
2020-02-14 18:50:53,983 [root] DEBUG: GetHookCallerBase: thread 2800 (handle 0x0), return address 0x00FE2556, allocation base 0x00FD0000.
2020-02-14 18:50:54,030 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00FD0000.
2020-02-14 18:50:54,125 [root] DEBUG: ApiReader: module list size: 18
2020-02-14 18:50:54,233 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:54,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:50:54,328 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2020-02-14 18:50:54,390 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:54,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:50:59,155 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:50:59,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:02,687 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:02,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:02,780 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:02,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:02,953 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:51:03,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:51:03,046 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:51:03,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:51:03,140 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:51:03,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:51:03,280 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:51:03,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:51:05,390 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:51:05,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:51:05,483 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:05,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:05,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:05,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:05,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:05,765 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:51:05,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:51:05,858 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:51:05,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:51:07,250 [root] INFO: Stopped WMI Service
2020-02-14 18:51:07,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:07,250 [root] INFO: Attaching to DcomLaunch service (pid 552)
2020-02-14 18:51:07,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:07,342 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:51:07,342 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:51:07,342 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:51:07,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:07,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:07,530 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:51:07,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:07,578 [root] DEBUG: Loader: Injecting process 552 (thread 0) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:07,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:07,687 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 556, handle 0x7c
2020-02-14 18:51:07,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:07,733 [root] DEBUG: Process image base: 0x00B60000
2020-02-14 18:51:07,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:07,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:07,780 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2020-02-14 18:51:07,828 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2020-02-14 18:51:07,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:07,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:07,921 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:51:07,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:07,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:07,967 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:51:08,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:08,015 [root] DEBUG: Process dumps enabled.
2020-02-14 18:51:08,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:08,108 [root] INFO: Disabling sleep skipping.
2020-02-14 18:51:08,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:08,203 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 552 at 0x6a0f0000, image base 0xb60000, stack from 0xe66000-0xe70000
2020-02-14 18:51:08,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:08,250 [root] DEBUG: Commandline: C:\Windows\System32\svchost.exe -k DcomLaunch.
2020-02-14 18:51:08,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:08,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:08,328 [root] INFO: Added new process to list with pid: 552
2020-02-14 18:51:08,328 [root] INFO: Monitor successfully loaded in process with pid 552.
2020-02-14 18:51:08,375 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-02-14 18:51:08,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:08,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:08,421 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-02-14 18:51:08,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:08,467 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:13,375 [root] INFO: Started WMI Service
2020-02-14 18:51:13,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:13,375 [root] INFO: Attaching to WMI service (pid 2052)
2020-02-14 18:51:13,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:13,421 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:51:13,421 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:51:13,421 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:51:13,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:13,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:13,608 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:51:13,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:13,655 [root] DEBUG: Loader: Injecting process 2052 (thread 0) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:13,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:13,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:13,703 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 2136, handle 0x7c
2020-02-14 18:51:13,750 [root] DEBUG: Process image base: 0x00B60000
2020-02-14 18:51:13,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:13,796 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2020-02-14 18:51:13,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:13,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:13,842 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2020-02-14 18:51:13,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:13,967 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:51:13,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:14,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:14,015 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:51:14,078 [root] DEBUG: Process dumps enabled.
2020-02-14 18:51:14,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:14,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:14,203 [root] INFO: Disabling sleep skipping.
2020-02-14 18:51:14,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:14,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:14,265 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 2052 at 0x6a0f0000, image base 0xb60000, stack from 0x686000-0x690000
2020-02-14 18:51:14,328 [root] DEBUG: Commandline: C:\Windows\System32\svchost.exe -k netsvcs.
2020-02-14 18:51:14,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:14,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:14,390 [root] INFO: Added new process to list with pid: 2052
2020-02-14 18:51:14,390 [root] INFO: Monitor successfully loaded in process with pid 2052.
2020-02-14 18:51:14,453 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-02-14 18:51:14,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:14,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:14,515 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-02-14 18:51:14,687 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:16,187 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:51:16,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:51:16,375 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:51:16,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:51:16,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:16,608 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:51:16,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:51:16,750 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:51:16,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:51:16,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:16,875 [root] DEBUG: DLL loaded at 0x756F0000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-02-14 18:51:16,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:16,921 [root] DEBUG: DLL loaded at 0x71A90000: C:\Windows\system32\wbem\wbemprox (0xb000 bytes).
2020-02-14 18:51:16,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:16,967 [root] DEBUG: DLL loaded at 0x72200000: C:\Windows\system32\wbemcomn2 (0x61000 bytes).
2020-02-14 18:51:17,015 [root] DEBUG: DLL loaded at 0x746E0000: C:\Windows\system32\bcrypt (0x17000 bytes).
2020-02-14 18:51:17,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,203 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:51:17,250 [root] DEBUG: DLL loaded at 0x6CD90000: C:\Windows\System32\msxml3 (0x134000 bytes).
2020-02-14 18:51:17,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,296 [root] DEBUG: DLL loaded at 0x75380000: C:\Windows\system32\urlmon (0x150000 bytes).
2020-02-14 18:51:17,342 [root] DEBUG: DLL loaded at 0x74E50000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-02-14 18:51:17,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,405 [root] DEBUG: DLL loaded at 0x74E60000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-02-14 18:51:17,453 [root] DEBUG: DLL loaded at 0x74D90000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2020-02-14 18:51:17,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,500 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2020-02-14 18:51:17,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,546 [root] DEBUG: DLL loaded at 0x74E40000: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2020-02-14 18:51:17,640 [root] DEBUG: DLL loaded at 0x74060000: C:\Windows\system32\version (0x9000 bytes).
2020-02-14 18:51:17,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,687 [root] DEBUG: DLL loaded at 0x74E10000: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2020-02-14 18:51:17,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,733 [root] DEBUG: DLL loaded at 0x75120000: C:\Windows\system32\normaliz (0x3000 bytes).
2020-02-14 18:51:17,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:17,780 [root] DEBUG: DLL loaded at 0x75F20000: C:\Windows\system32\iertutil (0x236000 bytes).
2020-02-14 18:51:17,780 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:17,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:17,828 [root] DEBUG: DLL loaded at 0x75AE0000: C:\Windows\system32\WININET (0x437000 bytes).
2020-02-14 18:51:17,983 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00FD0000
2020-02-14 18:51:17,983 [root] DEBUG: DLL loaded at 0x74E20000: C:\Windows\system32\USERENV (0x17000 bytes).
2020-02-14 18:51:18,046 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00FE2670
2020-02-14 18:51:18,046 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\system32\profapi (0xb000 bytes).
2020-02-14 18:51:18,108 [root] DEBUG: Module image dump success
2020-02-14 18:51:18,108 [root] DEBUG: DLL loaded at 0x6CCB0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0 (0x4000 bytes).
2020-02-14 18:51:18,250 [root] DEBUG: DumpProcessFixImports: Found IAT - 0xfd0ffc, size: 0x284
2020-02-14 18:51:18,312 [root] DEBUG: IAT parsing finished, found 157 valid APIs, missed 0 APIs
2020-02-14 18:51:18,312 [root] DEBUG: DLL loaded at 0x74590000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-02-14 18:51:18,421 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-02-14 18:51:18,421 [root] DEBUG: Adding module to module list: advapi32.dll
2020-02-14 18:51:18,467 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-02-14 18:51:18,467 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:51:18,530 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-02-14 18:51:18,592 [root] DEBUG: Adding module to module list: ntdll.dll
2020-02-14 18:51:18,640 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:51:18,687 [root] DEBUG: Adding module to module list: ntdll.dll
2020-02-14 18:51:18,828 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-02-14 18:51:18,828 [root] DEBUG: DLL loaded at 0x6CF20000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF (0xe000 bytes).
2020-02-14 18:51:18,875 [root] DEBUG: DLL loaded at 0x6FB00000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\VCRUNTIME140 (0x15000 bytes).
2020-02-14 18:51:18,875 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-02-14 18:51:19,000 [root] DEBUG: DLL loaded at 0x6F690000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\api-ms-win-crt-runtime-l1-1-0 (0x4000 bytes).
2020-02-14 18:51:19,000 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-02-14 18:51:19,046 [root] DEBUG: DLL loaded at 0x6A2B0000: C:\Windows\system32\ucrtbase (0xe0000 bytes).
2020-02-14 18:51:19,046 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\system32\cryptbase (0xc000 bytes).
2020-02-14 18:51:19,092 [root] DEBUG: DLL loaded at 0x6CD60000: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0 (0x3000 bytes).
2020-02-14 18:51:19,092 [root] INFO: Added new CAPE file to list with path: C:\ATKVeLtUo\CAPE\4004_01911215622020
2020-02-14 18:51:19,140 [root] DEBUG: DLL unloaded from 0x75270000.
2020-02-14 18:51:19,140 [root] DEBUG: DLL loaded at 0x6C9D0000: C:\Windows\system32\api-ms-win-core-file-l2-1-0 (0x3000 bytes).
2020-02-14 18:51:19,187 [root] DEBUG: DLL loaded at 0x6C9B0000: C:\Windows\system32\api-ms-win-core-localization-l1-2-0 (0x3000 bytes).
2020-02-14 18:51:19,187 [root] INFO: Notified of termination of process with pid 4004.
2020-02-14 18:51:19,296 [root] DEBUG: DLL loaded at 0x6C8B0000: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1 (0x3000 bytes).
2020-02-14 18:51:19,312 [root] INFO: Announced 32-bit process name: bcdedit.exe pid: 2192
2020-02-14 18:51:19,390 [root] DEBUG: DLL loaded at 0x6C7A0000: C:\Windows\system32\api-ms-win-core-file-l1-2-0 (0x3000 bytes).
2020-02-14 18:51:19,390 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:51:19,390 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:51:19,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:51:19,483 [root] DEBUG: DLL loaded at 0x6F220000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\api-ms-win-crt-string-l1-1-0 (0x4000 bytes).
2020-02-14 18:51:19,578 [root] DEBUG: DLL loaded at 0x6F210000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\api-ms-win-crt-heap-l1-1-0 (0x3000 bytes).
2020-02-14 18:51:19,578 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:51:19,671 [root] DEBUG: DLL loaded at 0x6F200000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\api-ms-win-crt-stdio-l1-1-0 (0x4000 bytes).
2020-02-14 18:51:19,671 [root] DEBUG: Loader: Injecting process 2192 (thread 3836) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:19,750 [root] DEBUG: DLL loaded at 0x6F1F0000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\api-ms-win-crt-convert-l1-1-0 (0x4000 bytes).
2020-02-14 18:51:19,765 [root] DEBUG: Process image base: 0x009D0000
2020-02-14 18:51:19,858 [root] DEBUG: DLL loaded at 0x6F1E0000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\api-ms-win-crt-locale-l1-1-0 (0x3000 bytes).
2020-02-14 18:51:19,858 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:19,967 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:51:20,108 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:20,217 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2192
2020-02-14 18:51:20,233 [root] DEBUG: DLL loaded at 0x722A0000: C:\Windows\system32\VSSAPI (0x116000 bytes).
2020-02-14 18:51:20,358 [root] DEBUG: DLL loaded at 0x73140000: C:\Windows\system32\ATL (0x14000 bytes).
2020-02-14 18:51:20,375 [root] INFO: Announced 32-bit process name: bcdedit.exe pid: 2192
2020-02-14 18:51:20,375 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\system32\VssTrace (0x10000 bytes).
2020-02-14 18:51:20,375 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:51:20,390 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:51:20,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:51:20,530 [root] DEBUG: DLL loaded at 0x72C60000: C:\Windows\system32\samcli (0xf000 bytes).
2020-02-14 18:51:20,546 [root] DEBUG: DLL loaded at 0x738C0000: C:\Windows\system32\SAMLIB (0x12000 bytes).
2020-02-14 18:51:20,671 [root] DEBUG: DLL loaded at 0x738B0000: C:\Windows\system32\netutils (0x9000 bytes).
2020-02-14 18:51:20,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:51:20,687 [root] DEBUG: Loader: Injecting process 2192 (thread 3836) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:20,687 [root] DEBUG: DLL loaded at 0x730F0000: C:\Windows\system32\es (0x47000 bytes).
2020-02-14 18:51:20,750 [root] DEBUG: Process image base: 0x009D0000
2020-02-14 18:51:20,765 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:20,828 [root] DEBUG: DLL loaded at 0x737B0000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2020-02-14 18:51:20,828 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 18:51:20,828 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:20,905 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2192
2020-02-14 18:51:20,905 [root] DEBUG: DLL loaded at 0x71850000: C:\Windows\system32\wbem\wbemcore (0xf1000 bytes).
2020-02-14 18:51:20,967 [root] DEBUG: DLL loaded at 0x74060000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-02-14 18:51:20,967 [root] DEBUG: DLL loaded at 0x717C0000: C:\Windows\system32\wbem\esscli (0x4a000 bytes).
2020-02-14 18:51:21,046 [root] DEBUG: DLL loaded at 0x720D0000: C:\Windows\system32\wbem\FastProx (0xa6000 bytes).
2020-02-14 18:51:21,046 [root] DEBUG: DLL loaded at 0x71D00000: C:\Windows\system32\NTDSAPI (0x18000 bytes).
2020-02-14 18:51:21,046 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:51:21,108 [root] DEBUG: DLL unloaded from 0x71850000.
2020-02-14 18:51:21,108 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:51:21,125 [root] DEBUG: DLL loaded at 0x716A0000: C:\Windows\system32\wbem\wbemsvc (0xf000 bytes).
2020-02-14 18:51:21,125 [root] DEBUG: Process dumps enabled.
2020-02-14 18:51:21,203 [root] DEBUG: DLL loaded at 0x716A0000: C:\Windows\system32\wbem\wbemsvc (0xf000 bytes).
2020-02-14 18:51:21,203 [root] INFO: Disabling sleep skipping.
2020-02-14 18:51:21,265 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:51:21,280 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 2192 at 0x6a0f0000, image base 0x9d0000, stack from 0x136000-0x140000
2020-02-14 18:51:21,280 [root] DEBUG: DLL loaded at 0x74740000: C:\Windows\system32\authZ (0x1b000 bytes).
2020-02-14 18:51:21,342 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\bcdedit.exe \set {default} bootstatuspolicy ignoreallfailures.
2020-02-14 18:51:21,342 [root] DEBUG: DLL loaded at 0x6EFD0000: C:\Windows\system32\wbem\wmiutils (0x1a000 bytes).
2020-02-14 18:51:21,358 [root] INFO: Added new process to list with pid: 2192
2020-02-14 18:51:21,358 [root] DEBUG: DLL loaded at 0x6EE40000: C:\Windows\system32\wbem\repdrvfs (0x47000 bytes).
2020-02-14 18:51:21,358 [root] INFO: Monitor successfully loaded in process with pid 2192.
2020-02-14 18:51:21,421 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:51:21,437 [root] WARNING: File at path "C:\Windows\System32\wbem\repository\WRITABLE.TST" does not exist, skip.
2020-02-14 18:51:21,453 [root] DEBUG: DLL loaded at 0x74790000: C:\Windows\system32\Wevtapi (0x42000 bytes).
2020-02-14 18:51:21,453 [root] DEBUG: DLL unloaded from 0x009D0000.
2020-02-14 18:51:21,515 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2192
2020-02-14 18:51:21,515 [root] DEBUG: GetHookCallerBase: thread 3836 (handle 0x0), return address 0x009E2556, allocation base 0x009D0000.
2020-02-14 18:51:21,515 [root] DEBUG: DLL unloaded from 0x74790000.
2020-02-14 18:51:21,750 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x009D0000.
2020-02-14 18:51:21,842 [root] DEBUG: ApiReader: module list size: 18
2020-02-14 18:51:21,921 [root] DEBUG: DLL loaded at 0x6D360000: C:\Windows\system32\wbem\wmiprvsd (0x91000 bytes).
2020-02-14 18:51:21,921 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:22,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:22,030 [root] DEBUG: DLL loaded at 0x6D350000: C:\Windows\system32\NCObjAPI (0xf000 bytes).
2020-02-14 18:51:22,140 [root] DEBUG: DLL loaded at 0x6F380000: C:\Windows\system32\wbem\wbemess (0x5b000 bytes).
2020-02-14 18:51:22,140 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:22,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:22,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:22,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:22,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:22,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:22,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:22,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:22,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:22,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:22,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:22,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,203 [root] DEBUG: DLL loaded at 0x720D0000: C:\Windows\system32\wbem\fastprox (0xa6000 bytes).
2020-02-14 18:51:23,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,296 [root] DEBUG: DLL loaded at 0x71D00000: C:\Windows\system32\NTDSAPI (0x18000 bytes).
2020-02-14 18:51:23,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,500 [root] DEBUG: DLL unloaded from 0x71850000.
2020-02-14 18:51:23,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:23,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:24,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:24,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:24,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:24,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:24,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:24,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:24,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:24,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:24,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:24,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:24,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:24,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:25,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:26,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:26,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:26,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:26,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:26,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:26,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:26,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:26,608 [root] DEBUG: DLL loaded at 0x72280000: C:\Windows\system32\wbem\ncprov (0x12000 bytes).
2020-02-14 18:51:26,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:26,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:26,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:26,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:26,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:26,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:27,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:27,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:27,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:27,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:27,171 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:27,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:27,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:27,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:27,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:27,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:27,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:27,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:27,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:27,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:28,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:28,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:28,217 [root] INFO: Announced 32-bit process name: WmiPrvSE.exe pid: 1956
2020-02-14 18:51:28,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:28,342 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:51:28,342 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:51:28,342 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:51:28,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:28,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:28,608 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:51:28,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:28,608 [root] DEBUG: Loader: Injecting process 1956 (thread 884) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:28,703 [root] DEBUG: Process image base: 0x00CB0000
2020-02-14 18:51:28,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:28,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:28,780 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:28,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:28,858 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:51:28,953 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:28,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,046 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1956
2020-02-14 18:51:29,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,140 [root] INFO: Announced 32-bit process name: WmiPrvSE.exe pid: 1956
2020-02-14 18:51:29,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,390 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:51:29,390 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:51:29,405 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:51:29,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,578 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:51:29,655 [root] DEBUG: Loader: Injecting process 1956 (thread 884) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:29,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,750 [root] DEBUG: Process image base: 0x00CB0000
2020-02-14 18:51:29,828 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:29,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,842 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 18:51:29,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:29,921 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:29,921 [root] WARNING: File at path "C:\Program Files\Far Manager\Plugins\ArcLite\arclite.map.abcd" does not exist, skip.
2020-02-14 18:51:30,000 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1956
2020-02-14 18:51:30,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,108 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:51:30,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,203 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:51:30,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,203 [root] DEBUG: Process dumps enabled.
2020-02-14 18:51:30,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,296 [root] INFO: Disabling sleep skipping.
2020-02-14 18:51:30,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,390 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:51:30,390 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 1956 at 0x6a0f0000, image base 0xcb0000, stack from 0x250000-0x260000
2020-02-14 18:51:30,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,483 [root] DEBUG: Commandline: C:\Windows\System32\wbem\wmiprvse.exe -secured -Embedding.
2020-02-14 18:51:30,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,500 [root] INFO: Added new process to list with pid: 1956
2020-02-14 18:51:30,500 [root] INFO: Monitor successfully loaded in process with pid 1956.
2020-02-14 18:51:30,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,578 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2020-02-14 18:51:30,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,592 [root] DEBUG: DLL loaded at 0x73760000: C:\Windows\system32\ntmarta (0x21000 bytes).
2020-02-14 18:51:30,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,655 [root] DEBUG: DLL loaded at 0x76FC0000: C:\Windows\system32\WLDAP32 (0x45000 bytes).
2020-02-14 18:51:30,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,890 [root] DEBUG: DLL loaded at 0x756F0000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-02-14 18:51:30,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:30,983 [root] DEBUG: DLL loaded at 0x71A90000: C:\Windows\system32\wbem\wbemprox (0xb000 bytes).
2020-02-14 18:51:30,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:31,078 [root] DEBUG: DLL loaded at 0x74590000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-02-14 18:51:31,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:31,092 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-02-14 18:51:31,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:31,171 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-02-14 18:51:31,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:31,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:31,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:31,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:31,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:31,358 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:31,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:31,483 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:31,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:31,562 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:51:31,717 [root] DEBUG: DLL loaded at 0x716A0000: C:\Windows\system32\wbem\wbemsvc (0xf000 bytes).
2020-02-14 18:51:31,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:51:31,796 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:51:31,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:51:31,905 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:51:32,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:51:32,078 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:51:32,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:51:32,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:32,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:32,312 [root] DEBUG: DLL loaded at 0x6EFD0000: C:\Windows\system32\wbem\wmiutils (0x1a000 bytes).
2020-02-14 18:51:32,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:32,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:32,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:32,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:32,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:32,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:32,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:32,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:33,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:33,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:33,280 [root] DEBUG: DLL loaded at 0x72080000: C:\Windows\system32\wbem\vsswmi (0x20000 bytes).
2020-02-14 18:51:33,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:33,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:33,437 [root] DEBUG: DLL loaded at 0x6CD10000: C:\Windows\system32\framedynos (0x35000 bytes).
2020-02-14 18:51:33,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:33,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:33,530 [root] DEBUG: DLL loaded at 0x722A0000: C:\Windows\system32\VSSAPI (0x116000 bytes).
2020-02-14 18:51:33,640 [root] DEBUG: DLL loaded at 0x73140000: C:\Windows\system32\ATL (0x14000 bytes).
2020-02-14 18:51:33,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:33,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:33,750 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\system32\VssTrace (0x10000 bytes).
2020-02-14 18:51:33,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:33,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:34,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:34,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:34,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:34,265 [root] DEBUG: DLL loaded at 0x6A4B0000: C:\Windows\system32\vss_ps (0xa000 bytes).
2020-02-14 18:51:34,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:34,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:34,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:34,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:34,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:34,812 [root] DEBUG: DLL unloaded from 0x6CF20000.
2020-02-14 18:51:34,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:34,905 [root] DEBUG: DLL unloaded from 0x6C9C0000.
2020-02-14 18:51:35,030 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:51:35,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:35,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:35,062 [root] DEBUG: DLL unloaded from 0x6C9C0000.
2020-02-14 18:51:35,140 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:51:35,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:35,155 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:51:35,155 [root] DEBUG: DLL unloaded from 0x6C9C0000.
2020-02-14 18:51:35,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:51:35,233 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:51:35,280 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:35,375 [root] DEBUG: DLL unloaded from 0x75980000.
2020-02-14 18:51:35,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:35,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:35,483 [root] DEBUG: DLL unloaded from 0x720D0000.
2020-02-14 18:51:35,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:35,500 [root] DEBUG: DLL unloaded from 0x716A0000.
2020-02-14 18:51:35,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:35,578 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:51:35,578 [root] DEBUG: DLL unloaded from 0x6CD90000.
2020-02-14 18:51:35,592 [root] DEBUG: DLL unloaded from 0x71A90000.
2020-02-14 18:51:35,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:51:35,687 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 3596
2020-02-14 18:51:35,687 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:51:35,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:51:35,703 [root] DEBUG: GetHookCallerBase: thread 2336 (handle 0x0), return address 0x0009D700, allocation base 0x00060000.
2020-02-14 18:51:35,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:35,780 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00060000.
2020-02-14 18:51:35,796 [root] DEBUG: ApiReader: module list size: 44
2020-02-14 18:51:35,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:35,875 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:35,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:35,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:35,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:35,953 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:35,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:35,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:35,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:36,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:36,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:36,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:36,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:36,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:36,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:36,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:36,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:36,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:36,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:36,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:36,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:36,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:36,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:36,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:36,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:36,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:36,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:36,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:36,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:36,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:37,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:37,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:37,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:37,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:37,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:37,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:37,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:37,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:37,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:37,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:37,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:37,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:37,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:37,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:37,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:37,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:37,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:37,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:37,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:37,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:38,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:38,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:38,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:38,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:38,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:38,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:38,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:38,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:38,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:38,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:38,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:38,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:38,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:38,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:38,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:38,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:38,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:39,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:39,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:39,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:39,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:39,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:39,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:39,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:39,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:39,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:39,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:39,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:39,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:39,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:39,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:39,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:39,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:39,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:39,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:39,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,062 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:40,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:40,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:40,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:40,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:40,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:40,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:40,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:40,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:40,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:40,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:41,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:41,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:41,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:41,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:41,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:41,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:41,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:41,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:41,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:41,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:41,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:41,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:41,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:41,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:41,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:41,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:41,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:42,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:42,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:42,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:42,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:42,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:42,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:42,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:42,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:42,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:42,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:42,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:42,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:42,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:42,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:42,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:42,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:42,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:43,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:43,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:43,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:43,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:43,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:43,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:43,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:43,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:43,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:43,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:43,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:43,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:43,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:43,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:43,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:43,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:43,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:43,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:43,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:43,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:43,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:43,858 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:43,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:43,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:43,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:43,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:43,953 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:43,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:43,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:44,046 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:51:44,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:44,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:44,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:51:44,140 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:51:44,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:44,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:44,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:51:44,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:44,217 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:51:44,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:44,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:44,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:51:44,405 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:51:44,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:44,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:51:44,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:44,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:44,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:44,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:44,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:44,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:44,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:44,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:44,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:44,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:44,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:45,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:45,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:45,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,171 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:51:45,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:51:45,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,265 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:51:45,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:51:45,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:45,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,483 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:51:45,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:51:45,655 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:51:45,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:51:45,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:45,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:45,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:45,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:45,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:45,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:45,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:46,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:46,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:46,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:46,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:46,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:46,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:51:46,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:46,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:46,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:46,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:46,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:46,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:46,500 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:46,500 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:51:46,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:46,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:51:46,625 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:46,625 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x009D0000
2020-02-14 18:51:46,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:46,703 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x009E2670
2020-02-14 18:51:46,717 [root] DEBUG: Module image dump success
2020-02-14 18:51:46,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:46,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:46,796 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x9d0ffc, size: 0x284
2020-02-14 18:51:46,812 [root] DEBUG: IAT parsing finished, found 157 valid APIs, missed 0 APIs
2020-02-14 18:51:46,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:51:46,921 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:51:46,921 [root] DEBUG: Adding module to module list: advapi32.dll
2020-02-14 18:51:46,921 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:51:46,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:51:47,015 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:51:47,015 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-02-14 18:51:47,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:51:47,108 [root] DEBUG: Adding module to module list: ntdll.dll
2020-02-14 18:51:47,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:47,217 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:51:47,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:47,217 [root] DEBUG: Adding module to module list: ntdll.dll
2020-02-14 18:51:47,312 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-02-14 18:51:47,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:47,375 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-02-14 18:51:47,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:47,467 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-02-14 18:51:47,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:47,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:47,483 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\system32\cryptbase (0xc000 bytes).
2020-02-14 18:51:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:47,592 [root] INFO: Added new CAPE file to list with path: C:\ATKVeLtUo\CAPE\2192_222769604711215622020
2020-02-14 18:51:47,671 [root] DEBUG: DLL unloaded from 0x75270000.
2020-02-14 18:51:47,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:47,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:47,750 [root] INFO: Notified of termination of process with pid 2192.
2020-02-14 18:51:47,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:47,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:47,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:48,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:48,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:48,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:48,203 [root] INFO: Announced 32-bit process name: wbadmin.exe pid: 648
2020-02-14 18:51:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:48,217 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:51:48,217 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:51:48,217 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:51:48,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:48,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:48,358 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:51:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:48,421 [root] DEBUG: Loader: Injecting process 648 (thread 4040) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:48,500 [root] DEBUG: Process image base: 0x00FA0000
2020-02-14 18:51:48,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:48,515 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:48,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:48,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:48,592 [root] WARNING: File at path "C:\Program Files\FileZilla FTP Client\locales\lo_LA\filezilla.mo.abcd" does not exist, skip.
2020-02-14 18:51:48,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:48,655 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:51:48,671 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:48,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:48,687 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 648
2020-02-14 18:51:48,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:48,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:48,967 [root] INFO: Announced 32-bit process name: wbadmin.exe pid: 648
2020-02-14 18:51:48,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:48,967 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:51:48,967 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:51:48,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:48,983 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:51:49,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:49,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:49,078 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:51:49,203 [root] DEBUG: Loader: Injecting process 648 (thread 4040) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:49,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:49,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:49,217 [root] DEBUG: Process image base: 0x00FA0000
2020-02-14 18:51:49,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:49,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:49,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:49,342 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 18:51:49,375 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:51:49,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:49,483 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 648
2020-02-14 18:51:49,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:49,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:49,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:49,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:49,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:49,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:49,750 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:51:49,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:49,858 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:51:49,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:49,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:49,875 [root] DEBUG: Process dumps enabled.
2020-02-14 18:51:49,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:50,000 [root] INFO: Disabling sleep skipping.
2020-02-14 18:51:50,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:50,015 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:51:50,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:50,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:50,125 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 648 at 0x6a0f0000, image base 0xfa0000, stack from 0xf6000-0x100000
2020-02-14 18:51:50,171 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\wbadmin DELETE SYSTEMSTATEBACKUP.
2020-02-14 18:51:50,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:50,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:51:50,312 [root] INFO: Added new process to list with pid: 648
2020-02-14 18:51:50,328 [root] INFO: Monitor successfully loaded in process with pid 648.
2020-02-14 18:51:50,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:50,328 [root] DEBUG: DLL loaded at 0x73AF0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32 (0x19e000 bytes).
2020-02-14 18:51:52,467 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2020-02-14 18:51:52,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:52,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:51:52,578 [root] DEBUG: DLL loaded at 0x756F0000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-02-14 18:51:54,171 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 648
2020-02-14 18:51:54,265 [root] DEBUG: GetHookCallerBase: thread 4040 (handle 0x0), return address 0x00FC6552, allocation base 0x00FA0000.
2020-02-14 18:51:54,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:54,280 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00FA0000.
2020-02-14 18:51:54,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:54,312 [root] DEBUG: ApiReader: module list size: 27
2020-02-14 18:51:54,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:54,405 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:54,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:54,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:54,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:54,437 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:51:55,562 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:51:55,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:55,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:51:55,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:55,671 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:51:55,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:55,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:51:55,717 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\framedynos.dll
2020-02-14 18:51:55,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:55,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\framedynos.dll
2020-02-14 18:51:55,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:55,828 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:55,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:55,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:55,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:55,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:55,953 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2020-02-14 18:51:55,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2020-02-14 18:51:55,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:55,983 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2020-02-14 18:51:55,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:56,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:56,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2020-02-14 18:51:56,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:56,092 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\secur32.dll
2020-02-14 18:51:58,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:58,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:58,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:58,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:58,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:58,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:58,500 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:58,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:51:58,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:58,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:58,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:58,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:58,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:58,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:59,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:59,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:59,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:59,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:59,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:59,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:59,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:59,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:59,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:59,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:59,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:59,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:59,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:59,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:59,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:59,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:59,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:59,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:59,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:51:59,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:51:59,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:00,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:00,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:00,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:00,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:00,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:00,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:00,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:00,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:00,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:00,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:00,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:01,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:01,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:01,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:01,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:01,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:01,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:01,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:01,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:01,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:01,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:01,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:01,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:01,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:01,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:02,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:02,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:02,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:02,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:02,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:02,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:02,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:02,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:02,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:02,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:02,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:02,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:02,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:02,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:02,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:02,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:02,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:02,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:02,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:02,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:02,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:02,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:03,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:03,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:03,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:03,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:03,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:03,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:03,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:03,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:03,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:03,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:03,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:03,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:03,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:03,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:03,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:03,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:03,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:03,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:03,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:03,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:03,608 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2020-02-14 18:52:03,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:03,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2020-02-14 18:52:03,717 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:03,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:03,733 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2020-02-14 18:52:03,842 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:03,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2020-02-14 18:52:03,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:03,842 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:52:03,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:52:03,858 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:52:03,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:52:03,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:03,983 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:52:03,983 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:52:04,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:52:04,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:52:04,108 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:52:04,108 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:52:04,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:52:04,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:52:04,250 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:04,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:04,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:04,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:04,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:04,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:05,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,078 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:52:05,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:52:05,217 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:52:05,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:52:05,342 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\urlmon.dll
2020-02-14 18:52:05,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:05,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\urlmon.dll
2020-02-14 18:52:05,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,467 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2020-02-14 18:52:05,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2020-02-14 18:52:05,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:05,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:05,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:05,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:05,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:05,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:05,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:05,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:05,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:06,000 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:52:06,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:52:06,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,125 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:06,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:06,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:06,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:06,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:06,405 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,546 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:06,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:06,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:06,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:06,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:06,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:06,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:06,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:06,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:06,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:06,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:07,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:07,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:07,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:07,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:07,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:07,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:07,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:07,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:07,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:07,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:07,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:07,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:07,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:07,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:07,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:07,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:07,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:07,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:07,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:08,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:08,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:08,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:08,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:08,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:08,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:08,187 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2020-02-14 18:52:08,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:08,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2020-02-14 18:52:08,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:08,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:08,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:08,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:08,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:08,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:08,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:08,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:08,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:08,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:08,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:08,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:08,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:08,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:08,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:08,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:08,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:08,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:08,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:08,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:08,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:08,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:08,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:08,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:08,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:08,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:09,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:09,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:09,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:09,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:09,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:09,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:09,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:09,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:09,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:09,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:09,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:09,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:09,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:09,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:09,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:09,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:09,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:09,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:09,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:10,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:10,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:10,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:10,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:10,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:10,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:10,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:10,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:10,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:11,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:11,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:11,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:11,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:11,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:11,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:12,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:12,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:12,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:12,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:12,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:12,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:12,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:12,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:12,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:12,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:19,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:19,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:19,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:19,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:19,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:19,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:19,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:19,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:19,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:19,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:19,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:19,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:19,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:19,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:19,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:19,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:20,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:20,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:21,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:21,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:22,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:22,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:22,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:22,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:22,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:22,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:22,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:22,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:22,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:22,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:22,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:22,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:22,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:23,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:23,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:23,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:23,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:23,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:23,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:23,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:23,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:23,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:23,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:23,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:23,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:23,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:23,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:23,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:23,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:23,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:23,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:23,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:23,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:23,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:23,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:23,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:23,905 [lib.common.results] ERROR: Exception uploading file C:\Program Files\Java\jre7\bin\client\classes.jsa to host: [Errno 10053] An established connection was aborted by the software in your host machine
2020-02-14 18:52:26,625 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2020-02-14 18:52:28,717 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2020-02-14 18:52:28,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:28,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:28,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2020-02-14 18:52:28,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:28,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:52:28,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:28,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:52:28,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:52:29,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:52:29,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:52:29,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:52:29,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,250 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:52:29,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:52:29,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:29,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:29,483 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2020-02-14 18:52:29,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2020-02-14 18:52:29,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\normaliz.dll
2020-02-14 18:52:29,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\normaliz.dll
2020-02-14 18:52:29,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,750 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\normaliz.dll
2020-02-14 18:52:29,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\normaliz.dll
2020-02-14 18:52:29,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:29,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:29,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:29,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:30,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:30,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:30,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:30,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:30,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:30,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:30,171 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\iertutil.dll
2020-02-14 18:52:30,187 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:30,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\iertutil.dll
2020-02-14 18:52:30,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:52:30,312 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wininet.dll
2020-02-14 18:52:30,312 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\devobj.dll
2020-02-14 18:52:30,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wininet.dll
2020-02-14 18:52:30,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\devobj.dll
2020-02-14 18:52:30,328 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\slc.dll
2020-02-14 18:52:30,328 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\userenv.dll
2020-02-14 18:52:30,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\slc.dll
2020-02-14 18:52:30,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\userenv.dll
2020-02-14 18:52:30,437 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\profapi.dll
2020-02-14 18:52:30,437 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\credui.dll
2020-02-14 18:52:30,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\profapi.dll
2020-02-14 18:52:30,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\credui.dll
2020-02-14 18:52:30,562 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2020-02-14 18:52:30,562 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:52:30,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:52:30,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2020-02-14 18:52:30,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:30,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:30,733 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:52:30,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:30,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:30,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:52:30,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:30,858 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:52:30,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:52:30,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:30,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:30,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:31,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,842 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:31,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:52:31,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:31,967 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
2020-02-14 18:52:32,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
2020-02-14 18:52:32,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,108 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:52:32,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:52:32,217 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:52:32,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:52:32,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,358 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00FA0000
2020-02-14 18:52:32,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,375 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00FC666C
2020-02-14 18:52:32,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,500 [root] DEBUG: Module image dump success
2020-02-14 18:52:32,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,562 [root] DEBUG: DumpProcessFixImports: Found IAT - 0xfa0ffc, size: 0x318
2020-02-14 18:52:32,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,671 [root] DEBUG: IAT parsing finished, found 187 valid APIs, missed 0 APIs
2020-02-14 18:52:32,687 [root] DEBUG: Adding module to module list: advapi32.dll
2020-02-14 18:52:32,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,796 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:52:32,812 [root] DEBUG: Adding module to module list: oleaut32.dll
2020-02-14 18:52:32,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:32,921 [root] DEBUG: Adding module to module list: rpcrt4.dll
2020-02-14 18:52:32,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,000 [root] DEBUG: Adding module to module list: setupapi.dll
2020-02-14 18:52:33,155 [root] DEBUG: Adding module to module list: user32.dll
2020-02-14 18:52:33,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,155 [root] DEBUG: Adding module to module list: credui.dll
2020-02-14 18:52:33,217 [lib.common.results] ERROR: Exception uploading file C:\Program Files\Java\jre7\bin\client\classes.jsa to host: [Errno 10053] An established connection was aborted by the software in your host machine
2020-02-14 18:52:33,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,233 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-02-14 18:52:33,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,328 [root] DEBUG: Adding module to module list: ntdll.dll
2020-02-14 18:52:33,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,405 [root] DEBUG: Adding module to module list: ole32.dll
2020-02-14 18:52:33,500 [root] DEBUG: Adding module to module list: slc.dll
2020-02-14 18:52:33,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,608 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-02-14 18:52:33,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,625 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-02-14 18:52:33,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,750 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-02-14 18:52:33,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,780 [root] INFO: Added new CAPE file to list with path: C:\ATKVeLtUo\CAPE\648_13030372285312215622020
2020-02-14 18:52:33,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,890 [root] DEBUG: DLL unloaded from 0x75270000.
2020-02-14 18:52:33,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:33,905 [root] INFO: Notified of termination of process with pid 648.
2020-02-14 18:52:34,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:34,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:34,078 [root] INFO: Announced 32-bit process name: wbadmin.exe pid: 2688
2020-02-14 18:52:34,187 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:52:34,187 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:52:34,187 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:52:34,203 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:52:34,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:52:34,250 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2020-02-14 18:52:34,265 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:52:34,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2020-02-14 18:52:34,358 [root] DEBUG: Loader: Injecting process 2688 (thread 2428) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:52:34,358 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2020-02-14 18:52:34,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2020-02-14 18:52:34,405 [root] DEBUG: Process image base: 0x00EF0000
2020-02-14 18:52:34,421 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:52:34,421 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00060000
2020-02-14 18:52:34,437 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:52:34,437 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x0009D81A
2020-02-14 18:52:34,546 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:52:34,625 [root] DEBUG: Module image dump success
2020-02-14 18:52:34,625 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2688
2020-02-14 18:52:34,655 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x60ffc, size: 0x358
2020-02-14 18:52:34,655 [root] INFO: Announced 32-bit process name: wbadmin.exe pid: 2688
2020-02-14 18:52:34,671 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:52:34,671 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:52:34,671 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:52:34,765 [root] DEBUG: IAT parsing finished, found 203 valid APIs, missed 0 APIs
2020-02-14 18:52:34,858 [root] DEBUG: Adding module to module list: advapi32.dll
2020-02-14 18:52:34,875 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:52:34,921 [root] DEBUG: Loader: Injecting process 2688 (thread 2428) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:52:34,921 [root] DEBUG: Adding module to module list: IPHLPAPI.DLL
2020-02-14 18:52:35,030 [root] DEBUG: DLL unloaded from 0x730F0000.
2020-02-14 18:52:35,030 [root] DEBUG: Process image base: 0x00EF0000
2020-02-14 18:52:35,092 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:52:35,092 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:52:35,125 [root] DEBUG: Adding module to module list: oleaut32.dll
2020-02-14 18:52:35,125 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 18:52:35,217 [root] DEBUG: Adding module to module list: shlwapi.dll
2020-02-14 18:52:35,217 [root] DEBUG: DLL unloaded from 0x6A4B0000.
2020-02-14 18:52:35,280 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:52:35,280 [root] DEBUG: Adding module to module list: sspicli.dll
2020-02-14 18:52:35,280 [root] DEBUG: DLL unloaded from 0x72080000.
2020-02-14 18:52:35,328 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2688
2020-02-14 18:52:35,328 [root] DEBUG: DLL unloaded from 0x6EFD0000.
2020-02-14 18:52:35,328 [root] DEBUG: Adding module to module list: user32.dll
2020-02-14 18:52:35,437 [root] DEBUG: Adding module to module list: ws2_32.dll
2020-02-14 18:52:35,437 [root] DEBUG: DLL unloaded from 0x720D0000.
2020-02-14 18:52:35,483 [root] DEBUG: DLL unloaded from 0x716A0000.
2020-02-14 18:52:35,483 [root] DEBUG: Adding module to module list: framedynos.dll
2020-02-14 18:52:35,500 [root] DEBUG: DLL unloaded from 0x71A90000.
2020-02-14 18:52:35,655 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-02-14 18:52:35,937 [root] DEBUG: Adding module to module list: ole32.dll
2020-02-14 18:52:35,937 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:52:36,015 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-02-14 18:52:36,015 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:52:36,155 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1956
2020-02-14 18:52:36,155 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-02-14 18:52:36,155 [root] DEBUG: Process dumps enabled.
2020-02-14 18:52:36,187 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-02-14 18:52:36,187 [root] DEBUG: GetHookCallerBase: thread 884 (handle 0x0), return address 0x00CEA976, allocation base 0x00CB0000.
2020-02-14 18:52:36,328 [root] INFO: Disabling sleep skipping.
2020-02-14 18:52:36,342 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:52:36,342 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00CB0000.
2020-02-14 18:52:36,358 [root] INFO: Added new CAPE file to list with path: C:\ATKVeLtUo\CAPE\3596_2001083411616215622020
2020-02-14 18:52:36,358 [root] DEBUG: ApiReader: module list size: 33
2020-02-14 18:52:36,358 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 2688 at 0x6a0f0000, image base 0xef0000, stack from 0x216000-0x220000
2020-02-14 18:52:36,358 [root] DEBUG: DLL unloaded from 0x75270000.
2020-02-14 18:52:36,530 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:36,530 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest.
2020-02-14 18:52:36,546 [root] INFO: Notified of termination of process with pid 3596.
2020-02-14 18:52:36,546 [root] INFO: Process with pid 3596 has terminated
2020-02-14 18:52:36,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:36,765 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:36,780 [root] INFO: Added new process to list with pid: 2688
2020-02-14 18:52:36,780 [root] INFO: Announced 32-bit process name: bcdedit.exe pid: 1648
2020-02-14 18:52:36,780 [root] INFO: Monitor successfully loaded in process with pid 2688.
2020-02-14 18:52:36,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:36,812 [root] DEBUG: DLL loaded at 0x73AF0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32 (0x19e000 bytes).
2020-02-14 18:52:36,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:36,812 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:52:36,812 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:52:36,828 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:52:36,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:36,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,000 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:52:37,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,030 [root] DEBUG: Loader: Injecting process 1648 (thread 3952) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:52:37,030 [root] DEBUG: DLL loaded at 0x73760000: C:\Windows\system32\ntmarta (0x21000 bytes).
2020-02-14 18:52:37,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,203 [root] DEBUG: DLL loaded at 0x76FC0000: C:\Windows\system32\WLDAP32 (0x45000 bytes).
2020-02-14 18:52:37,203 [root] DEBUG: Process image base: 0x00380000
2020-02-14 18:52:37,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,217 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:52:37,250 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:52:37,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,453 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:52:37,687 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1648
2020-02-14 18:52:37,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,733 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2020-02-14 18:52:37,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,733 [root] INFO: Announced 32-bit process name: bcdedit.exe pid: 1648
2020-02-14 18:52:37,780 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:52:37,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,796 [root] DEBUG: DLL loaded at 0x756F0000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-02-14 18:52:37,796 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:52:37,828 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:52:37,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:37,905 [lib.common.results] ERROR: Exception uploading file C:\Program Files\Java\jre7\lib\jfxrt.jar to host: [Errno 10053] An established connection was aborted by the software in your host machine
2020-02-14 18:52:37,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,015 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:52:38,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,030 [root] DEBUG: Loader: Injecting process 1648 (thread 3952) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:52:38,217 [root] DEBUG: Process image base: 0x00380000
2020-02-14 18:52:38,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,250 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:52:38,250 [root] WARNING: File at path "C:\Program Files\Java\jre7\lib\jfxrt.jar.abcd" does not exist, skip.
2020-02-14 18:52:38,250 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 18:52:38,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,437 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:52:38,437 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1648
2020-02-14 18:52:38,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,467 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:52:38,467 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2688
2020-02-14 18:52:38,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,483 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:52:38,483 [root] DEBUG: GetHookCallerBase: thread 2428 (handle 0x0), return address 0x00F16552, allocation base 0x00EF0000.
2020-02-14 18:52:38,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,687 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00EF0000.
2020-02-14 18:52:38,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,687 [root] DEBUG: Process dumps enabled.
2020-02-14 18:52:38,703 [root] DEBUG: ApiReader: module list size: 29
2020-02-14 18:52:38,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,733 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,765 [root] INFO: Disabling sleep skipping.
2020-02-14 18:52:38,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:38,983 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:52:38,983 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:38,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:39,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,000 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 1648 at 0x6a0f0000, image base 0x380000, stack from 0x226000-0x230000
2020-02-14 18:52:39,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,187 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\bcdedit  \set {default} bootstatuspolicy ignoreallfailures.
2020-02-14 18:52:39,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,203 [root] INFO: Added new process to list with pid: 1648
2020-02-14 18:52:39,233 [root] INFO: Monitor successfully loaded in process with pid 1648.
2020-02-14 18:52:39,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,421 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:52:39,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,437 [root] DEBUG: DLL unloaded from 0x00380000.
2020-02-14 18:52:39,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,453 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1648
2020-02-14 18:52:39,483 [root] DEBUG: GetHookCallerBase: thread 3952 (handle 0x0), return address 0x00392556, allocation base 0x00380000.
2020-02-14 18:52:39,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,640 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00380000.
2020-02-14 18:52:39,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,655 [root] DEBUG: ApiReader: module list size: 18
2020-02-14 18:52:39,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,687 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:39,890 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:42,467 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:43,983 [lib.common.results] ERROR: Exception uploading file C:\Program Files\Java\jre7\lib\rt.jar to host: [Errno 10053] An established connection was aborted by the software in your host machine
2020-02-14 18:52:44,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:44,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:44,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:44,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:44,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:44,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:44,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:44,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,030 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:45,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:45,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:45,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,703 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:45,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:45,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:45,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:46,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,515 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:47,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:47,625 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:47,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,842 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:52:47,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:52:47,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:47,937 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:52:48,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:52:48,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,140 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:52:48,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:52:48,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,358 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:48,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:48,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:48,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,750 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:49,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:49,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:49,953 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:49,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:49,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:49,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,078 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:52:50,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:52:50,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,217 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:52:50,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:52:50,405 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:52:50,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:52:50,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:50,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:50,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:50,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:50,733 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:50,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:52:50,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:50,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,921 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:52:50,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:50,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:51,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:52:51,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,125 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:52:51,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:52:51,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,312 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:52:51,328 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:52:51,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:52:51,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:52:51,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,500 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:51,500 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:51,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:52:51,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:51,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:51,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:51,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:51,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:52,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:52,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,000 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:52,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:52,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,217 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:52,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:52,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:52,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:52,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:52,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:52,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:52,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:52,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:52,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:52,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:53,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:53,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:53,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:53,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:52:53,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:53,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:53,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:53,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:53,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:53,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:53,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:53,937 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:52:53,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:53,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:53,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:52:54,125 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:54,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:54,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:54,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:54,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:54,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:54,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:54,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:54,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:54,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:54,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:54,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:54,546 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:54,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:54,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:54,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:54,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:54,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:54,750 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:54,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:52:54,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:54,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:54,905 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:52:54,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:54,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:52:54,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:54,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:54,953 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:54,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:54,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:54,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:55,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:55,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:52:55,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:55,342 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:55,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:55,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:52:55,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:55,405 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:55,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:55,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:55,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:52:55,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:55,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:55,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:55,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:56,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:56,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:56,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:56,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:56,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:56,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:56,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:56,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:56,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:56,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:56,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:56,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:56,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:56,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:56,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:56,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:56,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:56,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:57,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:57,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:57,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:57,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:57,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:57,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:57,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:57,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:57,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:57,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:57,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:57,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:57,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:57,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:57,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:57,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:57,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:57,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:57,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:57,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:57,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:57,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:57,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:57,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:58,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:58,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:58,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:58,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:58,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:58,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:58,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:58,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:58,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:58,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:58,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:58,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:59,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:59,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:59,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:59,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:59,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:59,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:59,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:59,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:59,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:52:59,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:59,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:52:59,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:59,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:52:59,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:00,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:07,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:07,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:07,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:08,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:08,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:08,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:08,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:08,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:08,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:08,265 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:53:08,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:08,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:08,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:53:08,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,483 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:53:08,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:53:08,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,733 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2020-02-14 18:53:08,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:08,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2020-02-14 18:53:08,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,937 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
2020-02-14 18:53:08,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:08,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:09,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
2020-02-14 18:53:09,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:09,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:09,140 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2020-02-14 18:53:09,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:09,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:09,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2020-02-14 18:53:09,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,342 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2020-02-14 18:53:09,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:09,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:09,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:09,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2020-02-14 18:53:09,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,562 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2020-02-14 18:53:09,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2020-02-14 18:53:09,578 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2020-02-14 18:53:09,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2020-02-14 18:53:09,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:09,765 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ncobjapi.dll
2020-02-14 18:53:09,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ncobjapi.dll
2020-02-14 18:53:09,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,780 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:53:09,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:53:09,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:09,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:10,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:10,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:10,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:10,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:10,000 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:53:10,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:10,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:10,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:53:10,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,217 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:53:10,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:10,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:53:10,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:10,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:10,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:10,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,655 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:53:10,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:53:10,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,703 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:53:10,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:53:10,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,921 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2020-02-14 18:53:10,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:10,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2020-02-14 18:53:10,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:11,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,108 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:53:11,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:53:11,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,312 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:53:11,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:53:11,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:11,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,358 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:53:11,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:53:11,530 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:53:11,530 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:53:11,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:53:11,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:53:11,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,530 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:53:11,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:53:11,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,703 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
2020-02-14 18:53:11,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
2020-02-14 18:53:11,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,733 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
2020-02-14 18:53:11,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
2020-02-14 18:53:11,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,733 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:53:11,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:53:11,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:11,921 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:53:11,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:11,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:12,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:12,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:53:12,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:12,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:12,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:12,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:12,125 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2020-02-14 18:53:12,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:12,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2020-02-14 18:53:12,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:12,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:12,500 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2020-02-14 18:53:12,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:12,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:12,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:12,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2020-02-14 18:53:12,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:12,703 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00CB0000
2020-02-14 18:53:12,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:12,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:12,967 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:53:12,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:12,967 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00CEA810
2020-02-14 18:53:12,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:12,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:53:13,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:13,171 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00380000
2020-02-14 18:53:13,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:13,171 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00392670
2020-02-14 18:53:13,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:13,342 [root] DEBUG: Module image dump success
2020-02-14 18:53:13,358 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x380ffc, size: 0x284
2020-02-14 18:53:13,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:13,375 [root] DEBUG: IAT parsing finished, found 157 valid APIs, missed 0 APIs
2020-02-14 18:53:13,375 [root] DEBUG: Module image dump success
2020-02-14 18:53:13,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:13,562 [root] DEBUG: Adding module to module list: advapi32.dll
2020-02-14 18:53:13,562 [root] DEBUG: DumpProcessFixImports: Found IAT - 0xcf3000, size: 0x324
2020-02-14 18:53:13,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:13,578 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:53:13,578 [root] DEBUG: parseIAT :: API not found 00CBA520
2020-02-14 18:53:13,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:13,592 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-02-14 18:53:13,592 [root] DEBUG: IAT parsing finished, found 190 valid APIs, missed 1 APIs
2020-02-14 18:53:13,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:13,796 [root] DEBUG: Adding module to module list: advapi32.dll
2020-02-14 18:53:13,796 [root] DEBUG: Adding module to module list: ntdll.dll
2020-02-14 18:53:13,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:14,078 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:53:14,078 [root] DEBUG: Adding module to module list: fastprox.dll
2020-02-14 18:53:14,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:14,078 [root] DEBUG: Adding module to module list: ntdll.dll
2020-02-14 18:53:14,092 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:53:14,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:14,092 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-02-14 18:53:14,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:14,265 [root] DEBUG: Adding module to module list: ncobjapi.dll
2020-02-14 18:53:14,265 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-02-14 18:53:14,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:14,280 [root] DEBUG: Adding module to module list: oleaut32.dll
2020-02-14 18:53:14,280 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-02-14 18:53:14,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:14,296 [root] DEBUG: Adding module to module list: user32.dll
2020-02-14 18:53:14,515 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\system32\cryptbase (0xc000 bytes).
2020-02-14 18:53:14,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:14,780 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-02-14 18:53:14,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:14,796 [root] DEBUG: Adding module to module list: advapi32.dll
2020-02-14 18:53:14,812 [root] INFO: Added new CAPE file to list with path: C:\ATKVeLtUo\CAPE\1648_7722878981413215622020
2020-02-14 18:53:15,078 [root] DEBUG: Adding module to module list: ntdll.dll
2020-02-14 18:53:15,078 [root] DEBUG: DLL unloaded from 0x75270000.
2020-02-14 18:53:15,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:15,092 [root] DEBUG: Adding module to module list: advapi32.dll
2020-02-14 18:53:15,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:15,092 [root] INFO: Notified of termination of process with pid 1648.
2020-02-14 18:53:15,092 [root] DEBUG: Adding module to module list: ole32.dll
2020-02-14 18:53:15,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:15,108 [root] INFO: Announced 32-bit process name: bcdedit.exe pid: 1060
2020-02-14 18:53:15,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:15,312 [root] DEBUG: Adding module to module list: wbemcomn2.dll
2020-02-14 18:53:15,328 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:53:15,328 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:53:15,328 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:53:15,328 [root] DEBUG: API not found - added to module list.
2020-02-14 18:53:15,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:15,328 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-02-14 18:53:15,500 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-02-14 18:53:15,500 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:53:15,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:15,530 [root] DEBUG: Loader: Injecting process 1060 (thread 2420) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:53:15,530 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-02-14 18:53:15,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:15,546 [root] DEBUG: DLL unloaded from 0x73760000.
2020-02-14 18:53:15,546 [root] DEBUG: Process image base: 0x00650000
2020-02-14 18:53:15,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:15,717 [root] DEBUG: DLL unloaded from 0x75270000.
2020-02-14 18:53:15,717 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:53:15,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:15,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:15,750 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:53:15,750 [root] INFO: Notified of termination of process with pid 1956.
2020-02-14 18:53:15,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:15,750 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:53:15,765 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1060
2020-02-14 18:53:15,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,000 [root] INFO: Announced 32-bit process name: bcdedit.exe pid: 1060
2020-02-14 18:53:16,000 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:53:16,000 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:53:16,000 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:53:16,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,030 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:53:16,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,030 [root] DEBUG: Loader: Injecting process 1060 (thread 2420) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:53:16,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,233 [root] DEBUG: Process image base: 0x00650000
2020-02-14 18:53:16,265 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:53:16,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,296 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 18:53:16,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,296 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:53:16,312 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1060
2020-02-14 18:53:16,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,500 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:53:16,500 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:53:16,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,546 [root] DEBUG: Process dumps enabled.
2020-02-14 18:53:16,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,562 [root] INFO: Disabling sleep skipping.
2020-02-14 18:53:16,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,578 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:53:16,765 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 1060 at 0x6a0f0000, image base 0x650000, stack from 0x146000-0x150000
2020-02-14 18:53:16,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,780 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\bcdedit  \set {default} recoveryenabled no.
2020-02-14 18:53:16,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,796 [root] INFO: Added new process to list with pid: 1060
2020-02-14 18:53:16,796 [root] INFO: Monitor successfully loaded in process with pid 1060.
2020-02-14 18:53:16,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,812 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:53:16,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:16,828 [root] DEBUG: DLL unloaded from 0x00650000.
2020-02-14 18:53:16,828 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1060
2020-02-14 18:53:16,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:17,030 [root] DEBUG: GetHookCallerBase: thread 2420 (handle 0x0), return address 0x00662556, allocation base 0x00650000.
2020-02-14 18:53:17,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:17,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:17,046 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00650000.
2020-02-14 18:53:17,062 [root] DEBUG: ApiReader: module list size: 18
2020-02-14 18:53:17,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:17,078 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:17,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:17,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:17,092 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:17,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:17,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:17,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:17,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:17,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:17,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:17,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:18,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:18,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:18,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:18,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:18,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:18,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:18,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:18,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:18,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:18,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:18,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:18,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:18,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:18,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:18,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:18,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:19,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:19,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:20,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:20,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:21,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:21,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:22,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:22,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:22,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:22,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:22,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:22,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:22,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:22,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:22,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:22,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:22,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:22,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:22,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:22,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:22,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:22,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:22,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:22,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:22,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:22,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:22,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:22,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:22,921 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:22,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:23,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:25,483 [lib.common.results] ERROR: Exception uploading file C:\Program Files\Microsoft\Skype for Desktop\resources\app.asar to host: [Errno 10054] An existing connection was forcibly closed by the remote host
2020-02-14 18:53:28,358 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:28,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:28,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:28,592 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:28,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:28,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:28,671 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:53:28,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:28,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:28,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:53:28,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:28,921 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:53:28,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:53:28,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:28,983 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:53:28,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:29,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:29,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:53:29,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:29,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:29,217 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:53:29,250 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:29,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:53:29,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2020-02-14 18:53:29,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:29,578 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\devobj.dll
2020-02-14 18:53:29,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:29,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:29,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\devobj.dll
2020-02-14 18:53:29,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:29,640 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\slc.dll
2020-02-14 18:53:29,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\slc.dll
2020-02-14 18:53:29,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:29,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:29,890 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\credui.dll
2020-02-14 18:53:29,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:29,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\credui.dll
2020-02-14 18:53:29,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:29,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:29,983 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:53:30,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:53:30,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:30,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:30,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:30,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:30,233 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:53:30,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:30,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:53:30,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:30,296 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:53:30,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:30,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:53:32,000 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:53:32,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:53:32,030 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:53:32,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:53:32,265 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
2020-02-14 18:53:32,280 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:53:32,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
2020-02-14 18:53:32,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:53:32,312 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
2020-02-14 18:53:32,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:53:32,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
2020-02-14 18:53:32,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:53:32,342 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
2020-02-14 18:53:32,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
2020-02-14 18:53:32,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:53:32,842 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:53:32,842 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:53:32,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:53:32,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:53:32,858 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:53:32,875 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:53:32,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:53:33,125 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00EF0000
2020-02-14 18:53:33,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:53:33,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:33,140 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00F1666C
2020-02-14 18:53:33,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:33,390 [root] DEBUG: Module image dump success
2020-02-14 18:53:33,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:33,405 [root] DEBUG: DumpProcessFixImports: Found IAT - 0xef0ffc, size: 0x318
2020-02-14 18:53:33,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:33,405 [root] DEBUG: IAT parsing finished, found 187 valid APIs, missed 0 APIs
2020-02-14 18:53:33,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:33,640 [root] DEBUG: Adding module to module list: advapi32.dll
2020-02-14 18:53:33,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:33,655 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:53:33,890 [root] DEBUG: Adding module to module list: oleaut32.dll
2020-02-14 18:53:33,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:33,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:33,921 [root] DEBUG: Adding module to module list: rpcrt4.dll
2020-02-14 18:53:33,937 [root] DEBUG: Adding module to module list: setupapi.dll
2020-02-14 18:53:33,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:34,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:34,187 [root] DEBUG: Adding module to module list: user32.dll
2020-02-14 18:53:34,187 [root] DEBUG: Adding module to module list: credui.dll
2020-02-14 18:53:34,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:34,203 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-02-14 18:53:34,217 [root] DEBUG: Adding module to module list: ntdll.dll
2020-02-14 18:53:34,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:34,483 [root] DEBUG: Adding module to module list: ole32.dll
2020-02-14 18:53:34,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:34,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:34,500 [root] DEBUG: Adding module to module list: slc.dll
2020-02-14 18:53:34,515 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-02-14 18:53:34,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:34,530 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-02-14 18:53:34,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:34,530 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-02-14 18:53:34,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:34,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:34,828 [root] INFO: Added new CAPE file to list with path: C:\ATKVeLtUo\CAPE\2688_337670045413215622020
2020-02-14 18:53:34,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:35,108 [root] DEBUG: DLL unloaded from 0x73760000.
2020-02-14 18:53:35,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:35,171 [root] DEBUG: DLL unloaded from 0x75270000.
2020-02-14 18:53:35,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:35,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:35,203 [root] INFO: Notified of termination of process with pid 2688.
2020-02-14 18:53:35,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:35,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:35,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:35,625 [root] INFO: Announced 32-bit process name: WMIC.exe pid: 1832
2020-02-14 18:53:35,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:35,640 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:53:35,655 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:53:35,655 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:53:35,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:35,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:35,687 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:53:35,905 [root] DEBUG: Loader: Injecting process 1832 (thread 2888) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:53:35,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:35,967 [root] DEBUG: Process image base: 0x00A40000
2020-02-14 18:53:35,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:35,983 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:53:35,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:36,000 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-02-14 18:53:36,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:36,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:36,030 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:53:36,046 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1832
2020-02-14 18:53:36,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:36,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:36,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:36,655 [root] INFO: Announced 32-bit process name: WMIC.exe pid: 1832
2020-02-14 18:53:36,655 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-02-14 18:53:36,655 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2020-02-14 18:53:36,671 [lib.api.process] INFO: 32-bit DLL to inject is C:\vxsrykg\dll\aOvJaVO.dll, loader C:\vxsrykg\bin\EnzpNhr.exe
2020-02-14 18:53:36,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:36,937 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\EBatGwfyxd.
2020-02-14 18:53:36,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:36,953 [root] DEBUG: Loader: Injecting process 1832 (thread 2888) with C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:53:36,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:36,983 [root] DEBUG: Process image base: 0x00A40000
2020-02-14 18:53:37,328 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:53:37,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:37,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:37,640 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-02-14 18:53:37,967 [root] DEBUG: Successfully injected DLL C:\vxsrykg\dll\aOvJaVO.dll.
2020-02-14 18:53:37,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:38,000 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1832
2020-02-14 18:53:38,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:38,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:38,030 [root] DEBUG: Terminate processes on terminate_event disabled.
2020-02-14 18:53:38,046 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-02-14 18:53:38,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:38,342 [root] DEBUG: Process dumps enabled.
2020-02-14 18:53:38,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:38,375 [root] INFO: Disabling sleep skipping.
2020-02-14 18:53:38,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:38,390 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-02-14 18:53:38,390 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 1832 at 0x6a0f0000, image base 0xa40000, stack from 0xd6000-0xe0000
2020-02-14 18:53:38,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:38,671 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\wmic.exe SHADOWCOPY \nointeractive.
2020-02-14 18:53:38,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:38,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:38,717 [root] INFO: Added new process to list with pid: 1832
2020-02-14 18:53:38,733 [root] INFO: Monitor successfully loaded in process with pid 1832.
2020-02-14 18:53:38,733 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\system32\CRYPTBASE (0xc000 bytes).
2020-02-14 18:53:38,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:38,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:38,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:38,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:39,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:39,015 [root] DEBUG: DLL loaded at 0x756F0000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-02-14 18:53:39,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:39,030 [root] DEBUG: DLL loaded at 0x71A90000: C:\Windows\system32\wbem\wbemprox (0xb000 bytes).
2020-02-14 18:53:39,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:39,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:39,046 [root] DEBUG: DLL loaded at 0x72200000: C:\Windows\system32\wbemcomn2 (0x61000 bytes).
2020-02-14 18:53:39,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:39,312 [root] DEBUG: DLL loaded at 0x746E0000: C:\Windows\system32\bcrypt (0x17000 bytes).
2020-02-14 18:53:39,312 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:53:39,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:39,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:39,328 [root] DEBUG: DLL loaded at 0x6C340000: C:\Windows\System32\msxml3 (0x134000 bytes).
2020-02-14 18:53:39,342 [root] DEBUG: DLL loaded at 0x75380000: C:\Windows\system32\urlmon (0x150000 bytes).
2020-02-14 18:53:39,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:39,375 [root] DEBUG: DLL loaded at 0x74E50000: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-02-14 18:53:39,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:39,640 [root] DEBUG: DLL loaded at 0x74E60000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-02-14 18:53:39,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:39,671 [root] DEBUG: DLL loaded at 0x74D90000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2020-02-14 18:53:39,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:39,967 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2020-02-14 18:53:39,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:39,983 [root] DEBUG: DLL loaded at 0x74E40000: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2020-02-14 18:53:39,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:40,312 [root] DEBUG: DLL loaded at 0x74060000: C:\Windows\system32\version (0x9000 bytes).
2020-02-14 18:53:40,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:40,342 [root] DEBUG: DLL loaded at 0x74E10000: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2020-02-14 18:53:40,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:40,640 [root] DEBUG: DLL loaded at 0x75120000: C:\Windows\system32\normaliz (0x3000 bytes).
2020-02-14 18:53:40,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:40,655 [root] DEBUG: DLL loaded at 0x75F20000: C:\Windows\system32\iertutil (0x236000 bytes).
2020-02-14 18:53:40,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:40,687 [root] DEBUG: DLL loaded at 0x75AE0000: C:\Windows\system32\WININET (0x437000 bytes).
2020-02-14 18:53:40,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:40,953 [root] DEBUG: DLL loaded at 0x74E20000: C:\Windows\system32\USERENV (0x17000 bytes).
2020-02-14 18:53:40,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:40,983 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\system32\profapi (0xb000 bytes).
2020-02-14 18:53:40,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:41,015 [root] DEBUG: DLL loaded at 0x6CCB0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0 (0x4000 bytes).
2020-02-14 18:53:41,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:41,296 [root] DEBUG: DLL loaded at 0x74590000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-02-14 18:53:41,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:41,328 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-02-14 18:53:41,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:41,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:41,328 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-02-14 18:53:41,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:41,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:41,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:41,625 [root] DEBUG: DLL loaded at 0x6CF20000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF (0xe000 bytes).
2020-02-14 18:53:41,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:41,640 [root] DEBUG: DLL loaded at 0x6FB00000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\VCRUNTIME140 (0x15000 bytes).
2020-02-14 18:53:41,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:41,640 [root] DEBUG: DLL loaded at 0x6F690000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\api-ms-win-crt-runtime-l1-1-0 (0x4000 bytes).
2020-02-14 18:53:41,671 [root] DEBUG: DLL loaded at 0x6A2B0000: C:\Windows\system32\ucrtbase (0xe0000 bytes).
2020-02-14 18:53:41,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:41,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:41,687 [root] DEBUG: DLL loaded at 0x6CD60000: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0 (0x3000 bytes).
2020-02-14 18:53:41,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:41,967 [root] DEBUG: DLL loaded at 0x6C9D0000: C:\Windows\system32\api-ms-win-core-file-l2-1-0 (0x3000 bytes).
2020-02-14 18:53:41,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:41,983 [root] DEBUG: DLL loaded at 0x6C9B0000: C:\Windows\system32\api-ms-win-core-localization-l1-2-0 (0x3000 bytes).
2020-02-14 18:53:42,015 [root] DEBUG: DLL loaded at 0x6C8B0000: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1 (0x3000 bytes).
2020-02-14 18:53:42,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:42,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:42,030 [root] DEBUG: DLL loaded at 0x6C7A0000: C:\Windows\system32\api-ms-win-core-file-l1-2-0 (0x3000 bytes).
2020-02-14 18:53:42,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:42,280 [root] DEBUG: DLL loaded at 0x6F220000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\api-ms-win-crt-string-l1-1-0 (0x4000 bytes).
2020-02-14 18:53:42,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:42,312 [root] DEBUG: DLL loaded at 0x6F210000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\api-ms-win-crt-heap-l1-1-0 (0x3000 bytes).
2020-02-14 18:53:42,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:42,328 [root] DEBUG: DLL loaded at 0x6F200000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\api-ms-win-crt-stdio-l1-1-0 (0x4000 bytes).
2020-02-14 18:53:42,342 [root] DEBUG: DLL loaded at 0x6F1F0000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\api-ms-win-crt-convert-l1-1-0 (0x4000 bytes).
2020-02-14 18:53:42,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:42,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:42,375 [root] DEBUG: DLL loaded at 0x6F1E0000: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\api-ms-win-crt-locale-l1-1-0 (0x3000 bytes).
2020-02-14 18:53:42,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:42,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:42,953 [root] DEBUG: DLL unloaded from 0x71850000.
2020-02-14 18:53:42,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:42,967 [root] DEBUG: DLL loaded at 0x716A0000: C:\Windows\system32\wbem\wbemsvc (0xf000 bytes).
2020-02-14 18:53:42,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:43,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:43,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:43,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:43,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:43,592 [root] DEBUG: DLL loaded at 0x720D0000: C:\Windows\system32\wbem\fastprox (0xa6000 bytes).
2020-02-14 18:53:43,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:43,608 [root] DEBUG: DLL loaded at 0x71D00000: C:\Windows\system32\NTDSAPI (0x18000 bytes).
2020-02-14 18:53:43,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:43,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:43,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:43,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:43,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:43,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:43,967 [root] DEBUG: DLL unloaded from 0x6CF20000.
2020-02-14 18:53:43,983 [root] DEBUG: DLL unloaded from 0x6C9C0000.
2020-02-14 18:53:43,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:44,015 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:53:44,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:44,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:44,280 [root] DEBUG: DLL unloaded from 0x6C9C0000.
2020-02-14 18:53:44,296 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:53:44,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:44,312 [root] DEBUG: DLL unloaded from 0x6C9C0000.
2020-02-14 18:53:44,312 [root] DEBUG: DLL unloaded from 0x75130000.
2020-02-14 18:53:44,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:44,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:44,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:44,390 [root] DEBUG: DLL unloaded from 0x75980000.
2020-02-14 18:53:44,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:44,640 [root] DEBUG: DLL unloaded from 0x720D0000.
2020-02-14 18:53:45,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,125 [root] DEBUG: DLL unloaded from 0x716A0000.
2020-02-14 18:53:45,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,140 [root] DEBUG: DLL unloaded from 0x6C340000.
2020-02-14 18:53:45,171 [root] DEBUG: DLL unloaded from 0x71A90000.
2020-02-14 18:53:45,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,437 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1832
2020-02-14 18:53:45,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,453 [root] DEBUG: GetHookCallerBase: thread 2888 (handle 0x0), return address 0x00A7D700, allocation base 0x00A40000.
2020-02-14 18:53:45,483 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00A40000.
2020-02-14 18:53:45,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:45,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:45,500 [root] DEBUG: ApiReader: module list size: 44
2020-02-14 18:53:45,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:45,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:45,530 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:45,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:45,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:45,842 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:45,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:45,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:46,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:46,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:46,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:46,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:46,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:46,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:46,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:46,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:46,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:46,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:46,812 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2020-02-14 18:53:46,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:46,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:46,842 [root] INFO: Created shutdown mutex.
2020-02-14 18:53:46,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:46,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:46,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:46,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:46,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:46,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:46,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:47,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:47,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:47,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:47,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:47,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:47,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:47,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:47,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:47,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:47,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:47,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:47,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:47,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:47,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:47,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:47,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:47,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:47,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:47,875 [lib.api.process] INFO: Terminate event set for process 3072
2020-02-14 18:53:47,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:47,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:47,905 [root] DEBUG: Terminate Event: Attempting to dump process 3072
2020-02-14 18:53:47,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:47,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:47,921 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00400000.
2020-02-14 18:53:47,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:47,937 [root] DEBUG: ApiReader: module list size: 63
2020-02-14 18:53:47,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,187 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:48,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:48,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,233 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:48,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,265 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:53:48,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:53:48,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,625 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:53:48,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:53:48,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:48,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,953 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:53:48,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:53:48,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:48,983 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:53:49,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:53:49,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:49,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:49,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:49,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:49,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:49,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:49,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:49,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:49,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:49,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:49,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:49,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:49,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:50,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:50,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:50,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:50,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:50,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:53:50,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:53:50,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:53:50,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:50,703 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00650000
2020-02-14 18:53:51,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,000 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x00662670
2020-02-14 18:53:51,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,015 [root] DEBUG: Module image dump success
2020-02-14 18:53:51,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,030 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x650ffc, size: 0x284
2020-02-14 18:53:51,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,312 [root] DEBUG: IAT parsing finished, found 157 valid APIs, missed 0 APIs
2020-02-14 18:53:51,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,328 [root] DEBUG: Adding module to module list: advapi32.dll
2020-02-14 18:53:51,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:51,342 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:53:51,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,375 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-02-14 18:53:51,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,655 [root] DEBUG: Adding module to module list: ntdll.dll
2020-02-14 18:53:51,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:51,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,671 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:53:51,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,703 [root] DEBUG: Adding module to module list: ntdll.dll
2020-02-14 18:53:51,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,717 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-02-14 18:53:51,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,967 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-02-14 18:53:51,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:51,983 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-02-14 18:53:51,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,015 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\system32\cryptbase (0xc000 bytes).
2020-02-14 18:53:52,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,046 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:52,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,078 [root] INFO: Added new CAPE file to list with path: C:\ATKVeLtUo\CAPE\1060_05213215622020
2020-02-14 18:53:52,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:52,328 [root] DEBUG: DLL unloaded from 0x75270000.
2020-02-14 18:53:52,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,358 [root] INFO: Notified of termination of process with pid 1060.
2020-02-14 18:53:52,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:52,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,437 [root] DEBUG: DLL unloaded from 0x75820000.
2020-02-14 18:53:53,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:53,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:53,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:54,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,405 [root] WARNING: File at path "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00173_.WMF" does not exist, skip.
2020-02-14 18:53:54,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:54,921 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:55,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:55,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:55,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:56,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,640 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:57,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:53:57,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,905 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:57,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:53:57,937 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:53:57,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:53:57,953 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:53:57,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:57,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:53:58,250 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:53:58,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:53:58,312 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:53:58,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:53:58,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:58,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:58,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:53:59,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:53:59,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:53:59,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:00,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:00,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:00,203 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:54:00,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:00,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:00,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:54:00,265 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:00,265 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:00,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:00,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:00,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:00,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:00,358 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:00,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:00,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:00,625 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:00,625 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:54:00,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:00,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:54:00,967 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:00,967 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:54:01,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:01,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:54:01,030 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:54:01,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:54:01,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,092 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:01,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:01,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:54:01,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:01,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:01,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:01,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:01,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:02,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:02,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:02,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:02,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:02,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:02,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:02,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:02,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:02,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:02,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:54:02,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:02,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:02,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:02,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:02,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:02,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:02,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:02,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:02,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:02,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:02,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:02,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:03,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:03,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:03,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:03,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:03,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:03,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:03,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:03,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:03,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:03,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:03,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:03,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:03,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:03,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:03,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:03,640 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:54:03,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:03,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:03,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:54:03,717 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:03,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:03,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:03,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:03,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:03,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:03,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:03,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,030 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2904
2020-02-14 18:54:04,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:04,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,046 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:04,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,046 [root] DEBUG: GetHookCallerBase: thread 2640 (handle 0x0), return address 0x4A897302, allocation base 0x4A890000.
2020-02-14 18:54:04,092 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x4A890000.
2020-02-14 18:54:04,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:04,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,108 [root] DEBUG: ApiReader: module list size: 20
2020-02-14 18:54:04,125 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:04,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:04,155 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:04,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:04,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:04,515 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:04,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:04,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:04,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:04,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:04,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:04,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:04,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:04,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:04,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:04,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:04,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:05,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:05,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:05,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:05,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:05,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:05,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:05,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:05,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:05,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:05,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:05,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:05,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:05,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:05,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:05,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:05,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:05,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:05,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:05,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:05,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:05,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:05,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:05,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:05,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:05,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:05,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:05,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:05,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:05,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:05,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:06,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:06,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:06,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:06,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:06,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:06,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:06,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:06,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:06,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:06,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:06,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:06,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:06,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:06,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:06,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:06,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:06,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:06,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:06,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:06,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:06,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:06,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:06,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:06,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:06,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:06,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:07,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:07,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:07,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:07,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:07,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:07,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:07,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:07,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:07,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:07,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:07,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:07,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:07,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:07,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:07,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:07,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:07,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:07,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:08,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:08,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:08,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:08,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:08,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:08,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:08,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:08,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:08,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:08,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:08,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:08,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:08,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:08,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:08,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:09,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:09,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:09,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:09,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:09,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:09,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:09,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:09,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:09,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:09,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:09,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:09,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:09,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:09,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:09,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:09,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:09,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:09,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:10,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:10,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:10,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:10,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:10,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:10,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:10,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:10,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:10,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:10,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:10,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:10,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:10,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:10,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:10,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:10,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:10,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:54:10,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:10,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:10,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:10,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:10,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:10,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:10,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:10,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:10,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:10,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:10,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:10,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:54:11,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:11,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:11,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:11,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:11,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:11,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:11,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:11,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:11,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:11,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:11,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:12,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:12,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:12,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:12,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:12,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:12,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:12,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:12,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:12,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:12,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:12,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:12,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:12,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:12,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:12,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:12,203 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:54:12,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:12,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:12,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:54:12,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:12,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:12,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:12,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:12,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:12,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:12,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:12,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:13,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:13,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:13,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:14,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:14,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:14,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:14,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:14,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:14,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:14,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:14,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:14,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:14,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:14,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:14,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:14,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:14,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:14,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:14,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:14,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:15,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:15,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:15,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:15,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:15,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:15,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:15,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:15,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:15,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:15,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:15,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:15,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:15,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:15,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:15,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:15,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:15,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:15,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:15,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:15,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:15,750 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:54:15,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:15,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:54:15,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:15,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:16,030 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:54:16,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:16,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:16,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:16,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:54:16,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:16,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:16,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:16,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\framedynos.dll
2020-02-14 18:54:16,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:16,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:16,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\framedynos.dll
2020-02-14 18:54:16,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:16,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:16,812 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:16,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:16,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:16,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:16,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:16,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:16,905 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2020-02-14 18:54:16,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:16,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:16,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2020-02-14 18:54:16,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:16,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:16,983 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2020-02-14 18:54:17,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:17,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:17,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:17,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2020-02-14 18:54:17,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:17,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:17,296 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\secur32.dll
2020-02-14 18:54:17,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:17,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:17,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\secur32.dll
2020-02-14 18:54:17,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:17,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:17,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:17,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:17,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:17,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:17,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:17,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:17,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:17,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:17,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:17,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:17,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:17,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:17,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:17,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:17,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:17,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:17,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:17,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:18,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:18,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:18,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:18,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:18,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:18,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:18,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:18,171 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:18,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:18,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:18,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:18,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:18,217 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:18,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:18,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:18,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:18,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:18,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:18,546 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:54:18,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:18,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:18,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:18,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\lpk.dll
2020-02-14 18:54:18,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:18,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:18,640 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:54:18,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\usp10.dll
2020-02-14 18:54:18,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:18,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:18,890 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:54:18,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:18,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:18,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2020-02-14 18:54:18,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:18,967 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:18,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:18,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:19,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:19,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:19,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:19,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:19,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:19,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:19,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:19,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:54:19,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:19,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:19,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:19,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:19,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:19,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:19,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:19,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:19,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:19,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:19,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:19,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:19,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:19,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:19,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:20,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:20,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:20,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:20,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:20,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:20,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:20,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:20,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:20,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:20,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:20,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:20,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:20,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:20,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:20,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\mpr.dll
2020-02-14 18:54:20,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:20,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:20,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:20,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:20,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:20,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:20,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:20,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2020-02-14 18:54:20,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:20,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:20,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:20,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:20,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:20,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:20,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:20,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:20,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:20,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:21,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:21,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:21,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:21,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:21,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:21,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:21,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:21,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:21,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:21,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:21,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:21,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:21,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:21,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:21,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:21,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:21,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:21,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:21,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:21,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:21,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:21,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:21,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:21,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:21,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:21,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:21,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:21,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:21,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:21,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:21,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2020-02-14 18:54:21,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:21,967 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:54:21,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:21,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:22,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:22,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:22,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sechost.dll
2020-02-14 18:54:22,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:22,046 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:54:22,265 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:22,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:54:22,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:22,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:22,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:22,342 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\netapi32.dll
2020-02-14 18:54:22,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:22,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:22,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:22,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:22,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netapi32.dll
2020-02-14 18:54:22,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:22,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2020-02-14 18:54:22,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:22,530 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:22,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:22,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:22,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:22,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:22,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:22,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:22,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:22,828 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:22,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:22,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:22,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:22,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:22,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:22,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:22,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:22,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:23,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:23,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:23,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:23,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:23,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:23,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:23,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:23,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:23,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:23,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:23,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:23,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:23,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:23,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:23,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:23,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:23,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:23,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:23,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:23,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:23,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:23,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:23,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:23,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:23,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:24,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:24,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:24,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:24,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:24,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:24,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:24,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:24,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:24,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:24,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:24,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:24,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:24,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:24,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:24,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:24,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:24,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:24,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:24,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:24,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:24,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:24,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:24,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:24,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:24,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:24,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:24,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:24,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:25,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:25,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:25,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:25,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:25,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:25,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:25,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:25,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:25,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:25,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:25,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:25,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:25,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:25,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:25,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:25,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:25,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:25,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:25,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:25,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:25,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:25,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:25,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:26,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:26,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:26,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:26,217 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2020-02-14 18:54:26,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:26,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:26,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2020-02-14 18:54:26,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:26,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:26,280 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2020-02-14 18:54:26,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:26,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2020-02-14 18:54:26,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:26,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:26,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:26,328 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:54:26,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:26,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:54:26,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:26,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:26,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:26,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:26,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:26,717 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:54:26,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:26,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:54:26,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:26,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:27,062 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:54:27,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:27,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:27,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:27,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:27,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:54:27,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:27,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:27,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:27,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:27,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:27,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:27,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:27,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:27,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:27,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:27,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:27,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:27,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:27,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:27,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:27,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:27,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:27,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:27,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:27,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:27,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:27,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:28,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:28,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:28,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:28,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:28,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:28,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:28,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:28,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:28,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:28,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:28,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:28,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:28,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:28,905 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:54:28,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:28,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:28,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:54:28,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:28,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:28,967 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:54:29,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:29,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:29,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:54:29,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:29,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:29,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\urlmon.dll
2020-02-14 18:54:29,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:29,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:29,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\urlmon.dll
2020-02-14 18:54:29,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:29,483 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2020-02-14 18:54:29,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:29,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:29,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:29,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2020-02-14 18:54:29,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:29,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:29,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:29,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:29,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:29,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:29,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:29,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:29,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:29,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:29,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:30,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:30,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:30,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:30,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:30,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:30,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:30,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:30,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:30,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:30,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:30,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:30,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:30,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:30,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:30,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:30,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:30,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:30,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:30,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:30,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:30,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:30,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:30,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:30,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:30,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:30,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:30,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:30,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:31,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:31,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:31,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:31,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:31,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:31,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:31,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:31,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:31,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:31,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:31,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:31,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:31,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:31,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:31,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:31,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:31,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:31,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:31,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:31,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:31,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:31,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:31,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:31,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:31,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:31,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:31,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:31,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:31,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:31,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:31,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:31,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:32,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:32,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:32,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:32,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:32,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:32,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:32,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:32,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:32,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:32,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:32,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:32,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:32,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:32,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:32,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:33,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:33,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:33,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:33,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:33,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,125 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:33,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:33,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\netutils.dll
2020-02-14 18:54:33,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:33,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,467 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:33,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:33,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
2020-02-14 18:54:33,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:33,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,562 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:33,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:33,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
2020-02-14 18:54:33,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:33,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,875 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2020-02-14 18:54:33,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:33,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2020-02-14 18:54:33,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:33,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:33,967 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2020-02-14 18:54:33,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:34,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:34,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2020-02-14 18:54:34,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:34,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:34,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:34,265 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2020-02-14 18:54:34,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:34,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:34,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2020-02-14 18:54:34,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:34,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:34,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:34,375 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2020-02-14 18:54:34,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ole32.dll
2020-02-14 18:54:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2020-02-14 18:54:34,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2020-02-14 18:54:34,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:34,483 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2020-02-14 18:54:34,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2020-02-14 18:54:34,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:34,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2020-02-14 18:54:34,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:34,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:34,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:34,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:34,983 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
2020-02-14 18:54:35,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:35,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
2020-02-14 18:54:35,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,203 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\GdiPlus.dll
2020-02-14 18:54:35,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:35,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\GdiPlus.dll
2020-02-14 18:54:35,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:35,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,453 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\mpr.dll
2020-02-14 18:54:35,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:35,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\mpr.dll
2020-02-14 18:54:35,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,530 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:35,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:35,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shell32.dll
2020-02-14 18:54:35,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:35,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:35,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:35,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:35,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:36,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:36,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:36,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:36,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:36,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:36,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:36,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:36,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:36,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:36,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:36,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:36,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:36,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:36,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:36,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:36,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:36,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:36,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:37,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:37,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:37,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:37,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:37,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:37,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:37,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:37,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:37,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:37,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:37,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:38,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:38,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:38,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:38,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:38,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:38,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:38,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:38,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:38,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:38,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:38,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:38,921 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:54:38,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:38,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:39,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:54:39,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:39,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:39,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:39,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:39,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:39,312 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:54:39,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:39,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:39,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:54:39,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:39,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:39,453 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:54:39,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:39,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:39,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:54:40,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:40,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:40,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:40,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:40,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:40,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:40,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:40,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:40,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:40,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:40,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2020-02-14 18:54:40,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:40,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:40,233 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:54:40,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:40,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2020-02-14 18:54:40,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:40,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:40,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:40,890 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\winbrand.dll
2020-02-14 18:54:40,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:40,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\winbrand.dll
2020-02-14 18:54:40,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:40,921 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:54:40,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:40,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:40,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\imm32.dll
2020-02-14 18:54:40,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:41,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:41,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:54:41,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:41,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:41,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:41,280 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:54:41,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:41,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2020-02-14 18:54:41,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:41,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:41,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:54:41,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:41,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:41,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:41,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2020-02-14 18:54:41,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:41,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:41,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:41,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:41,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:41,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:41,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:41,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:41,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:41,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:41,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:41,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:41,875 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:42,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:42,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:42,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:42,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:42,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:42,467 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:42,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:42,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\samcli.dll
2020-02-14 18:54:42,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:42,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:42,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:42,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:42,828 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2020-02-14 18:54:42,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:42,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:42,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2020-02-14 18:54:42,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:42,842 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
2020-02-14 18:54:42,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:42,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:42,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:42,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
2020-02-14 18:54:42,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:43,155 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:54:43,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:43,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:43,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:43,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2020-02-14 18:54:43,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:43,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:43,217 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2020-02-14 18:54:43,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:43,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2020-02-14 18:54:43,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:43,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:43,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:54:43,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:43,296 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:54:43,312 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:43,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:43,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2020-02-14 18:54:43,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
2020-02-14 18:54:43,625 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
2020-02-14 18:54:43,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:43,625 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2020-02-14 18:54:43,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
2020-02-14 18:54:43,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:43,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2020-02-14 18:54:43,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:43,687 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2020-02-14 18:54:43,717 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x4A890000
2020-02-14 18:54:43,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:43,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2020-02-14 18:54:43,765 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x4A89829A
2020-02-14 18:54:44,000 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:54:44,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:44,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2020-02-14 18:54:44,062 [root] DEBUG: Module image dump success
2020-02-14 18:54:44,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:44,108 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2020-02-14 18:54:44,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:44,108 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x4a890ffc, size: 0x3a4
2020-02-14 18:54:44,155 [root] DEBUG: IAT parsing finished, found 229 valid APIs, missed 0 APIs
2020-02-14 18:54:44,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:44,546 [root] DEBUG: Adding module to module list: msvcrt.dll
2020-02-14 18:54:44,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2020-02-14 18:54:44,875 [root] DEBUG: Adding module to module list: ntdll.dll
2020-02-14 18:54:44,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:45,203 [root] DEBUG: Adding module to module list: kernel32.dll
2020-02-14 18:54:45,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:45,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:45,217 [root] WARNING: File at path "C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0148798.JPG" does not exist, skip.
2020-02-14 18:54:45,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:45,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:45,233 [root] DEBUG: Adding module to module list: winbrand.dll
2020-02-14 18:54:45,453 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-02-14 18:54:45,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:45,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:45,483 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-02-14 18:54:45,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:45,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:45,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:45,515 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-02-14 18:54:45,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:45,608 [root] DEBUG: DLL loaded at 0x74AC0000: C:\Windows\System32\cryptbase (0xc000 bytes).
2020-02-14 18:54:45,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:45,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:45,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:45,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:45,687 [root] INFO: Added new CAPE file to list with path: C:\ATKVeLtUo\CAPE\2904_7579871824514215622020
2020-02-14 18:54:45,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:45,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:45,890 [root] DEBUG: DLL unloaded from 0x75270000.
2020-02-14 18:54:45,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:45,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:45,921 [root] INFO: Notified of termination of process with pid 2904.
2020-02-14 18:54:45,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:45,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:46,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:46,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:46,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:46,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:46,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:46,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:46,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:46,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:46,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:46,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:46,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:46,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:46,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:46,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:46,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:46,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:46,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:46,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:46,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:46,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:46,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:47,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:47,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:47,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:47,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:47,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:47,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:47,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:47,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:47,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:47,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:47,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:47,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:47,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:47,967 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:48,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:48,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:49,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:49,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:49,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:49,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:49,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:49,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:49,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:49,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:49,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:49,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:49,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:49,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:49,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:49,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:49,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:49,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:49,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:49,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:49,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:49,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:49,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:50,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:50,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:50,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:50,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:50,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:50,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:50,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:50,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:50,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:50,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:50,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:51,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:51,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:51,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:51,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:51,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:51,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:51,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:51,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:51,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:51,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:51,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:51,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:51,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:51,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:51,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:51,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:51,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:51,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:51,655 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2020-02-14 18:54:51,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:51,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2020-02-14 18:54:52,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:52,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:53,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:54,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:55,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:56,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:57,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:58,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,717 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2020-02-14 18:54:59,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2020-02-14 18:54:59,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:59,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:59,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:54:59,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:59,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:54:59,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:00,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:00,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:00,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:00,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:00,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:00,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:00,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:00,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:00,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:00,655 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:00,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:00,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,030 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,092 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:01,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:01,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:02,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:02,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:02,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:02,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:02,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:02,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:02,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:02,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:02,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:02,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:02,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:02,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:02,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:02,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:02,842 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:02,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:02,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:02,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:02,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:02,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:02,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:03,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:03,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:03,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:03,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:03,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:03,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:03,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:03,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:03,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:03,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:03,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:03,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:03,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:03,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:03,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:04,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:04,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:04,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:04,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:04,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:04,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:04,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:04,155 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:04,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:04,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:04,483 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:04,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:04,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:04,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:04,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:04,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:04,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:04,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:04,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:04,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:05,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:05,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2020-02-14 18:55:05,342 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:05,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:05,358 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2020-02-14 18:55:05,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:05,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2020-02-14 18:55:05,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:05,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:05,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:05,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:05,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:05,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:06,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:06,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:06,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:06,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:06,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:06,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:06,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:06,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:06,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:06,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:06,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:06,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:06,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:06,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:06,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:06,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:06,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:06,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:07,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:07,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:07,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:07,108 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:07,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:07,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:07,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:07,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:07,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:07,530 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:07,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:07,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:07,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:07,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:07,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:07,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:07,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:07,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:07,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:07,983 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:08,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:08,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:08,078 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2020-02-14 18:55:08,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:08,405 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2020-02-14 18:55:08,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:55:08,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:08,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:55:08,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:08,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:55:08,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:55:08,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:08,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:55:08,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:55:08,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:08,937 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:55:09,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\version.dll
2020-02-14 18:55:09,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:09,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:55:09,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:09,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:55:09,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:09,312 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2020-02-14 18:55:09,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:09,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2020-02-14 18:55:09,358 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:09,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:09,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\normaliz.dll
2020-02-14 18:55:09,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:09,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\normaliz.dll
2020-02-14 18:55:09,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:09,765 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\normaliz.dll
2020-02-14 18:55:09,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:09,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\normaliz.dll
2020-02-14 18:55:10,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:55:10,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:10,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:10,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:55:10,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:10,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:10,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:55:10,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:10,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:55:10,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2020-02-14 18:55:10,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:10,842 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\iertutil.dll
2020-02-14 18:55:10,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\iertutil.dll
2020-02-14 18:55:10,858 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:10,890 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\wininet.dll
2020-02-14 18:55:10,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:10,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:10,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\wininet.dll
2020-02-14 18:55:11,328 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\userenv.dll
2020-02-14 18:55:11,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:11,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\userenv.dll
2020-02-14 18:55:11,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:11,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\profapi.dll
2020-02-14 18:55:11,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:11,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\profapi.dll
2020-02-14 18:55:11,467 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:11,467 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2020-02-14 18:55:11,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2020-02-14 18:55:11,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:11,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:11,905 [root] DEBUG: DLL loaded at 0x74A70000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-02-14 18:55:12,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,280 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,733 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,780 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:12,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:13,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:13,217 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:13,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:13,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:13,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:13,592 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:13,608 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:13,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:13,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:14,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:14,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:14,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:17,905 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2020-02-14 18:55:17,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:17,905 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2020-02-14 18:55:17,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:17,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:18,233 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:18,250 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:18,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:18,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:18,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:18,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2020-02-14 18:55:18,703 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:55:18,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll
2020-02-14 18:55:18,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2020-02-14 18:55:18,717 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\System32\user32.dll

MalScore

10.0

Goodmen

Machine

Name win7_3
Label win7_3
Manager KVM
Started On 2020-02-14 17:50:02
Shutdown On 2020-02-14 17:55:53

File Details

File Name LockBit
File Size 80896 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0d03306ed6dd40407e8ae0fa3ffc181f
SHA1 39f5ec91f17f2dcee1c9fa124796439bc93a5120
SHA256 6fedf83e76d76c59c8ad0da4c5af28f23a12119779f793fd253231b5e3b00a1a
SHA512 1728a52842b05e4f0aa49cc3aa872ec3702b10dd6d55c166a5ee9cd783eca023f275b2c58f1b4dce44e84f479f5e4938eba9a75d6717e671cf4fa00808d425ef
CRC32 49080F30
Ssdeep 1536:w9NXLQFAUxczKK685UcxzZCrFI6edTP6VNUmT3hUZMqqU+hV2rRO8/7a:w9BpUqzBLChITdPk+mT6ZMqqD/I7a
TrID None matched
ClamAV None matched
Yara
  • vmdetect - Possibly employs anti-virtualization techniques
  • shellcode_stack_strings - Match x86 that appears to be stack string creation.
CAPE Yara None matched

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Hit: PID 0 trigged the Yara rule 'embedded_win_api'
Hit: PID 0 trigged the Yara rule 'shellcode_patterns'