Analysis

Category: FILE
Package: exe
Started: 2020-05-23 10:29:05
Completed: 2020-05-23 10:34:01
Duration: 296 seconds

Options:
route = inetsim
procmemdump = 1
import_reconstruction = 1
disable_cape = 1

Log:
2020-05-13 09:30:40,188 [root] INFO: Date set to: 20200523T10:29:05, timeout set to: 200
2020-05-23 10:29:05,093 [root] DEBUG: Starting analyzer from: C:\tmplodztmkc
2020-05-23 10:29:05,093 [root] DEBUG: Storing results at: C:\NUAMHTiLfa
2020-05-23 10:29:05,093 [root] DEBUG: Pipe server name: \\.\PIPE\tmkTNho
2020-05-23 10:29:05,093 [root] DEBUG: Python path: C:\Users\Louise\AppData\Local\Programs\Python\Python38-32
2020-05-23 10:29:05,093 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-05-23 10:29:05,093 [root] INFO: Automatically selected analysis package "exe"
2020-05-23 10:29:05,093 [root] DEBUG: Trying to import analysis package "exe"...
2020-05-23 10:29:05,093 [root] DEBUG: Imported analysis package "exe".
2020-05-23 10:29:05,093 [root] DEBUG: Trying to initialize analysis package "exe"...
2020-05-23 10:29:05,093 [root] DEBUG: Initialized analysis package "exe".
2020-05-23 10:29:05,125 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.browser"...
2020-05-23 10:29:05,140 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser".
2020-05-23 10:29:05,140 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.curtain"...
2020-05-23 10:29:05,171 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain".
2020-05-23 10:29:05,171 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.digisig"...
2020-05-23 10:29:05,187 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig".
2020-05-23 10:29:05,187 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.disguise"...
2020-05-23 10:29:05,203 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise".
2020-05-23 10:29:05,203 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.human"...
2020-05-23 10:29:05,203 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human".
2020-05-23 10:29:05,203 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.procmon"...
2020-05-23 10:29:05,218 [root] DEBUG: Imported auxiliary module "modules.auxiliary.procmon".
2020-05-23 10:29:05,218 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.screenshots"...
2020-05-23 10:29:05,218 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-05-23 10:29:05,218 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-05-23 10:29:05,218 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-05-23 10:29:05,218 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-05-23 10:29:05,218 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-05-23 10:29:05,218 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-05-23 10:29:05,234 [lib.api.screenshot] DEBUG: Importing 'math'
2020-05-23 10:29:05,234 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-05-23 10:29:05,359 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-05-23 10:29:05,375 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-05-23 10:29:05,375 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-05-23 10:29:05,375 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots".
2020-05-23 10:29:05,375 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.sysmon"...
2020-05-23 10:29:05,390 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon".
2020-05-23 10:29:05,390 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.usage"...
2020-05-23 10:29:05,390 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage".
2020-05-23 10:29:05,390 [root] DEBUG: Trying to initialize auxiliary module "Browser"...
2020-05-23 10:29:05,390 [root] DEBUG: Initialized auxiliary module "Browser".
2020-05-23 10:29:05,390 [root] DEBUG: Trying to start auxiliary module "Browser"...
2020-05-23 10:29:05,406 [root] DEBUG: Started auxiliary module Browser
2020-05-23 10:29:05,406 [root] DEBUG: Trying to initialize auxiliary module "Curtain"...
2020-05-23 10:29:05,406 [root] DEBUG: Initialized auxiliary module "Curtain".
2020-05-23 10:29:05,406 [root] DEBUG: Trying to start auxiliary module "Curtain"...
2020-05-23 10:29:05,406 [root] DEBUG: Started auxiliary module Curtain
2020-05-23 10:29:05,406 [root] DEBUG: Trying to initialize auxiliary module "DigiSig"...
2020-05-23 10:29:05,406 [root] DEBUG: Initialized auxiliary module "DigiSig".
2020-05-23 10:29:05,406 [root] DEBUG: Trying to start auxiliary module "DigiSig"...
2020-05-23 10:29:05,406 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-05-23 10:29:05,859 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-05-23 10:29:05,859 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-05-23 10:29:05,859 [root] DEBUG: Started auxiliary module DigiSig
2020-05-23 10:29:05,859 [root] DEBUG: Trying to initialize auxiliary module "Disguise"...
2020-05-23 10:29:05,859 [root] DEBUG: Initialized auxiliary module "Disguise".
2020-05-23 10:29:05,859 [root] DEBUG: Trying to start auxiliary module "Disguise"...
2020-05-23 10:29:05,890 [root] DEBUG: Started auxiliary module Disguise
2020-05-23 10:29:05,890 [root] DEBUG: Trying to initialize auxiliary module "Human"...
2020-05-23 10:29:05,890 [root] DEBUG: Initialized auxiliary module "Human".
2020-05-23 10:29:05,890 [root] DEBUG: Trying to start auxiliary module "Human"...
2020-05-23 10:29:05,906 [root] DEBUG: Started auxiliary module Human
2020-05-23 10:29:05,906 [root] DEBUG: Trying to initialize auxiliary module "Procmon"...
2020-05-23 10:29:05,906 [root] DEBUG: Initialized auxiliary module "Procmon".
2020-05-23 10:29:05,906 [root] DEBUG: Trying to start auxiliary module "Procmon"...
2020-05-23 10:29:05,906 [root] DEBUG: Started auxiliary module Procmon
2020-05-23 10:29:05,906 [root] DEBUG: Trying to initialize auxiliary module "Screenshots"...
2020-05-23 10:29:05,906 [root] DEBUG: Initialized auxiliary module "Screenshots".
2020-05-23 10:29:05,906 [root] DEBUG: Trying to start auxiliary module "Screenshots"...
2020-05-23 10:29:05,906 [root] DEBUG: Started auxiliary module Screenshots
2020-05-23 10:29:05,906 [root] DEBUG: Trying to initialize auxiliary module "Sysmon"...
2020-05-23 10:29:05,921 [root] DEBUG: Initialized auxiliary module "Sysmon".
2020-05-23 10:29:05,921 [root] DEBUG: Trying to start auxiliary module "Sysmon"...
2020-05-23 10:29:05,921 [root] DEBUG: Started auxiliary module Sysmon
2020-05-23 10:29:05,921 [root] DEBUG: Trying to initialize auxiliary module "Usage"...
2020-05-23 10:29:05,921 [root] DEBUG: Initialized auxiliary module "Usage".
2020-05-23 10:29:05,921 [root] DEBUG: Trying to start auxiliary module "Usage"...
2020-05-23 10:29:05,921 [root] DEBUG: Started auxiliary module Usage
2020-05-23 10:29:05,921 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-05-23 10:29:05,921 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-05-23 10:29:05,921 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2020-05-23 10:29:05,921 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2020-05-23 10:29:06,015 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Louise\AppData\Local\Temp\data.exe" with arguments "" with pid 2616
2020-05-23 10:29:06,015 [lib.api.process] INFO: Monitor config for process 2616: C:\tmplodztmkc\dll\2616.ini
2020-05-23 10:29:06,046 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-05-23 10:29:06,046 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-05-23 10:29:06,046 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\qbjiPP.dll, loader C:\tmplodztmkc\bin\aNleGii.exe
2020-05-23 10:29:06,109 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\tmkTNho.
2020-05-23 10:29:06,125 [root] DEBUG: Loader: Injecting process 2616 (thread 3404) with C:\tmplodztmkc\dll\qbjiPP.dll.
2020-05-23 10:29:06,125 [root] DEBUG: Process image base: 0x00400000
2020-05-23 10:29:06,125 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\qbjiPP.dll.
2020-05-23 10:29:06,125 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-05-23 10:29:06,140 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\qbjiPP.dll.
2020-05-23 10:29:06,140 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2616
2020-05-23 10:29:08,156 [lib.api.process] INFO: Successfully resumed process with pid 2616
2020-05-23 10:29:08,421 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-05-23 10:29:08,437 [root] DEBUG: Full process memory dumps enabled.
2020-05-23 10:29:08,437 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-05-23 10:29:08,437 [root] DEBUG: Dropped file limit defaulting to 100.
2020-05-23 10:29:08,437 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-05-23 10:29:08,437 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 2616 at 0x6f4e0000, image base 0x400000, stack from 0x186000-0x190000
2020-05-23 10:29:08,437 [root] DEBUG: Commandline: C:\Users\Louise\AppData\Local\Temp\"C:\Users\Louise\AppData\Local\Temp\data.exe".
2020-05-23 10:29:08,484 [root] INFO: loaded: b'2616'
2020-05-23 10:29:08,484 [root] INFO: Loaded monitor into process with pid 2616
2020-05-23 10:29:08,484 [root] INFO: Disabling sleep skipping.
2020-05-23 10:29:08,484 [root] INFO: Disabling sleep skipping.
2020-05-23 10:29:08,484 [root] INFO: Disabling sleep skipping.
2020-05-23 10:29:08,500 [root] INFO: Disabling sleep skipping.
2020-05-23 10:29:08,703 [root] DEBUG: set_caller_info: Adding region at 0x00230000 to caller regions list (ntdll::memcpy).
2020-05-23 10:29:08,718 [root] DEBUG: DLL loaded at 0x76170000: C:\Windows\syswow64\COMDLG32 (0x7b000 bytes).
2020-05-23 10:29:08,734 [root] DEBUG: DLL loaded at 0x75180000: C:\Windows\syswow64\SHELL32 (0xc4c000 bytes).
2020-05-23 10:29:08,734 [root] DEBUG: DLL loaded at 0x74020000: C:\Windows\system32\MSIMG32 (0x5000 bytes).
2020-05-23 10:29:08,734 [root] DEBUG: DLL loaded at 0x76930000: C:\Windows\syswow64\OLEAUT32 (0x91000 bytes).
2020-05-23 10:29:08,734 [root] DEBUG: DLL loaded at 0x73390000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-05-23 10:29:08,750 [root] DEBUG: DLL loaded at 0x74C10000: C:\Windows\syswow64\WININET (0x1c4000 bytes).
2020-05-23 10:29:08,750 [root] DEBUG: DLL loaded at 0x76320000: C:\Windows\syswow64\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2020-05-23 10:29:08,750 [root] DEBUG: DLL loaded at 0x75F00000: C:\Windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-05-23 10:29:08,750 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\syswow64\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2020-05-23 10:29:08,765 [root] DEBUG: DLL loaded at 0x74A00000: C:\Windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2020-05-23 10:29:08,765 [root] DEBUG: DLL loaded at 0x75170000: C:\Windows\syswow64\normaliz (0x3000 bytes).
2020-05-23 10:29:08,765 [root] DEBUG: DLL loaded at 0x74F50000: C:\Windows\syswow64\iertutil (0x215000 bytes).
2020-05-23 10:29:08,765 [root] DEBUG: DLL loaded at 0x75EF0000: C:\Windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2020-05-23 10:29:08,781 [root] DEBUG: DLL unloaded from 0x763D0000.
2020-05-23 10:29:09,828 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data', '', False, 'files')
2020-05-23 10:29:09,921 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data', '', False, 'files')
2020-05-23 10:29:10,031 [root] DEBUG: Exception Caught! PID: 2616 EIP: data.exe+3846c SEH: data.exe+4cb60 0043846c, Fault Address: 00000000, Esp: 0018fba0, Exception Code: c000001d,  data.exe+38b6b data.exe+3c715 data.exe+3d942 data.exe+9ad1 kernel32.dll+1343d ntdll.dll+39802 ntdll.dll+397d
2020-05-23 10:29:10,093 [root] DEBUG: DLL loaded at 0x740A0000: C:\Windows\system32\profapi (0xb000 bytes).
2020-05-23 10:29:11,593 [root] INFO: ('dump_file', 'C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700.exe', '', False, 'files')
2020-05-23 10:29:11,640 [root] INFO: ('dump_file', 'C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700.exe', '', False, 'files')
2020-05-23 10:29:11,687 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data')
2020-05-23 10:29:11,687 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data', '', False, 'files')
2020-05-23 10:29:11,796 [root] INFO: Announced 32-bit process name: nMpEgLh21700.exe pid: 3180
2020-05-23 10:29:11,796 [lib.api.process] INFO: Monitor config for process 3180: C:\tmplodztmkc\dll\3180.ini
2020-05-23 10:29:11,796 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-05-23 10:29:11,796 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-05-23 10:29:11,796 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\qbjiPP.dll, loader C:\tmplodztmkc\bin\aNleGii.exe
2020-05-23 10:29:11,828 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\tmkTNho.
2020-05-23 10:29:11,828 [root] DEBUG: Loader: Injecting process 3180 (thread 4896) with C:\tmplodztmkc\dll\qbjiPP.dll.
2020-05-23 10:29:11,828 [root] DEBUG: Process image base: 0x00400000
2020-05-23 10:29:11,828 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\qbjiPP.dll.
2020-05-23 10:29:11,843 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-05-23 10:29:11,843 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\qbjiPP.dll.
2020-05-23 10:29:11,843 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3180
2020-05-23 10:29:11,843 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-05-23 10:29:11,875 [root] INFO: Announced 32-bit process name: nMpEgLh21700.exe pid: 3180
2020-05-23 10:29:11,875 [lib.api.process] INFO: Monitor config for process 3180: C:\tmplodztmkc\dll\3180.ini
2020-05-23 10:29:11,875 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2020-05-23 10:29:11,875 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2020-05-23 10:29:11,875 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmplodztmkc\dll\qbjiPP.dll, loader C:\tmplodztmkc\bin\aNleGii.exe
2020-05-23 10:29:11,906 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\tmkTNho.
2020-05-23 10:29:11,906 [root] DEBUG: Loader: Injecting process 3180 (thread 4896) with C:\tmplodztmkc\dll\qbjiPP.dll.
2020-05-23 10:29:11,921 [root] DEBUG: Process image base: 0x00400000
2020-05-23 10:29:11,921 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmplodztmkc\dll\qbjiPP.dll.
2020-05-23 10:29:11,921 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-05-23 10:29:11,921 [root] DEBUG: Successfully injected DLL C:\tmplodztmkc\dll\qbjiPP.dll.
2020-05-23 10:29:11,921 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3180
2020-05-23 10:29:11,953 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-05-23 10:29:11,953 [root] DEBUG: Full process memory dumps enabled.
2020-05-23 10:29:11,953 [root] DEBUG: Import reconstruction of process dumps enabled.
2020-05-23 10:29:11,953 [root] DEBUG: Dropped file limit defaulting to 100.
2020-05-23 10:29:11,968 [root] DEBUG: DLL loaded at 0x703C0000: C:\Windows\system32\Secur32 (0x8000 bytes).
2020-05-23 10:29:11,968 [root] INFO: Disabling sleep skipping.
2020-05-23 10:29:11,968 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-05-23 10:29:11,968 [root] DEBUG: DLL loaded at 0x6FBB0000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2020-05-23 10:29:11,968 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 3180 at 0x6f4e0000, image base 0x400000, stack from 0x186000-0x190000
2020-05-23 10:29:11,984 [root] DEBUG: Commandline: C:\Users\Louise\AppData\Local\Temp\"C:\ProgramData\nMpEgLh21700\nMpEgLh21700.exe" "C:\Users\Louise\AppData\Local\Temp\data.exe".
2020-05-23 10:29:11,984 [root] DEBUG: DLL loaded at 0x76330000: C:\Windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-05-23 10:29:12,000 [root] DEBUG: DLL loaded at 0x74A10000: C:\Windows\syswow64\WS2_32 (0x35000 bytes).
2020-05-23 10:29:12,000 [root] DEBUG: DLL loaded at 0x76780000: C:\Windows\syswow64\NSI (0x6000 bytes).
2020-05-23 10:29:12,015 [root] DEBUG: DLL loaded at 0x6F860000: C:\Windows\system32\winhttp (0x58000 bytes).
2020-05-23 10:29:12,015 [root] DEBUG: DLL loaded at 0x6F810000: C:\Windows\system32\webio (0x50000 bytes).
2020-05-23 10:29:12,015 [root] DEBUG: DLL unloaded from 0x6F860000.
2020-05-23 10:29:12,093 [root] INFO: loaded: b'3180'
2020-05-23 10:29:12,093 [root] INFO: Loaded monitor into process with pid 3180
2020-05-23 10:29:12,125 [root] DEBUG: DLL loaded at 0x744E0000: C:\Windows\system32\IPHLPAPI (0x1c000 bytes).
2020-05-23 10:29:12,125 [root] DEBUG: DLL loaded at 0x744D0000: C:\Windows\system32\WINNSI (0x7000 bytes).
2020-05-23 10:29:12,140 [root] DEBUG: DLL loaded at 0x740F0000: C:\Windows\system32\mswsock (0x3c000 bytes).
2020-05-23 10:29:12,140 [root] DEBUG: DLL loaded at 0x6FB90000: C:\Windows\System32\wship6 (0x6000 bytes).
2020-05-23 10:29:12,140 [root] DEBUG: DLL loaded at 0x6FBA0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0 (0x4000 bytes).
2020-05-23 10:29:12,156 [root] DEBUG: DLL loaded at 0x6F8C0000: C:\Windows\system32\DNSAPI (0x44000 bytes).
2020-05-23 10:29:12,171 [root] DEBUG: DLL loaded at 0x75DD0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2020-05-23 10:29:12,171 [root] DEBUG: DLL loaded at 0x6FC10000: C:\Windows\System32\netprofm (0x5a000 bytes).
2020-05-23 10:29:12,171 [root] DEBUG: DLL loaded at 0x6FC00000: C:\Windows\System32\nlaapi (0x10000 bytes).
2020-05-23 10:29:12,187 [root] DEBUG: DLL loaded at 0x6F800000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2020-05-23 10:29:12,187 [root] DEBUG: DLL loaded at 0x74130000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-05-23 10:29:12,203 [root] DEBUG: DLL loaded at 0x74040000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-05-23 10:29:12,203 [root] DEBUG: DLL loaded at 0x732F0000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-05-23 10:29:12,203 [root] DEBUG: DLL loaded at 0x6F7E0000: C:\Windows\system32\dhcpcsvc (0x12000 bytes).
2020-05-23 10:29:12,203 [root] DEBUG: DLL loaded at 0x74310000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2020-05-23 10:29:12,218 [root] DEBUG: DLL loaded at 0x76650000: C:\Windows\syswow64\urlmon (0x124000 bytes).
2020-05-23 10:29:12,218 [root] DEBUG: DLL loaded at 0x6F7C0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2020-05-23 10:29:12,249 [root] DEBUG: set_caller_info: Adding region at 0x00340000 to caller regions list (ntdll::memcpy).
2020-05-23 10:29:12,265 [root] DEBUG: DLL loaded at 0x6F440000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\COMCTL32 (0x84000 bytes).
2020-05-23 10:29:12,265 [root] DEBUG: DLL loaded at 0x76170000: C:\Windows\syswow64\COMDLG32 (0x7b000 bytes).
2020-05-23 10:29:12,265 [root] DEBUG: DLL loaded at 0x6F400000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2020-05-23 10:29:12,265 [root] DEBUG: DLL loaded at 0x75180000: C:\Windows\syswow64\SHELL32 (0xc4c000 bytes).
2020-05-23 10:29:12,281 [root] DEBUG: DLL loaded at 0x74020000: C:\Windows\system32\MSIMG32 (0x5000 bytes).
2020-05-23 10:29:12,281 [root] DEBUG: DLL loaded at 0x76930000: C:\Windows\syswow64\OLEAUT32 (0x91000 bytes).
2020-05-23 10:29:12,281 [root] DEBUG: DLL loaded at 0x73390000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-05-23 10:29:12,296 [root] DEBUG: DLL loaded at 0x74C10000: C:\Windows\syswow64\WININET (0x1c4000 bytes).
2020-05-23 10:29:12,312 [root] DEBUG: DLL loaded at 0x76320000: C:\Windows\syswow64\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2020-05-23 10:29:12,312 [root] DEBUG: DLL loaded at 0x73690000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\Comctl32 (0x19e000 bytes).
2020-05-23 10:29:12,312 [root] DEBUG: DLL loaded at 0x75F00000: C:\Windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-05-23 10:29:12,312 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\syswow64\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2020-05-23 10:29:12,312 [root] DEBUG: DLL unloaded from 0x74310000.
2020-05-23 10:29:12,312 [root] DEBUG: DLL loaded at 0x74A00000: C:\Windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2020-05-23 10:29:12,312 [root] DEBUG: DLL unloaded from 0x6FB90000.
2020-05-23 10:29:12,312 [root] DEBUG: DLL loaded at 0x75170000: C:\Windows\syswow64\normaliz (0x3000 bytes).
2020-05-23 10:29:12,328 [root] DEBUG: DLL loaded at 0x74F50000: C:\Windows\syswow64\iertutil (0x215000 bytes).
2020-05-23 10:29:12,328 [root] DEBUG: DLL loaded at 0x75EF0000: C:\Windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2020-05-23 10:29:12,343 [root] DEBUG: DLL unloaded from 0x763D0000.
2020-05-23 10:29:12,531 [root] DEBUG: DLL loaded at 0x6FBC0000: C:\Windows\System32\npmproxy (0x8000 bytes).
2020-05-23 10:29:13,359 [root] INFO: ('dump_file', 'C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700', '', False, 'files')
2020-05-23 10:29:13,390 [root] INFO: ('dump_file', 'C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700', '', False, 'files')
2020-05-23 10:29:13,421 [root] DEBUG: Exception Caught! PID: 3180 EIP: nMpEgLh21700.exe+3846c SEH: nMpEgLh21700.exe+4cb60 0043846c, Fault Address: 00000000, Esp: 0018fba0, Exception Code: c000001d,  nMpEgLh21700.exe+38b6b nMpEgLh21700.exe+3c715 nMpEgLh21700.exe+3d942 nMpEgLh21700.exe+9ad1 k
2020-05-23 10:29:13,421 [root] DEBUG: DLL loaded at 0x740A0000: C:\Windows\system32\profapi (0xb000 bytes).
2020-05-23 10:29:13,421 [root] DEBUG: DLL loaded at 0x703C0000: C:\Windows\system32\Secur32 (0x8000 bytes).
2020-05-23 10:29:13,421 [root] DEBUG: DLL loaded at 0x6FBB0000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2020-05-23 10:29:13,437 [root] DEBUG: DLL loaded at 0x76330000: C:\Windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-05-23 10:29:13,437 [root] DEBUG: DLL loaded at 0x74A10000: C:\Windows\syswow64\WS2_32 (0x35000 bytes).
2020-05-23 10:29:13,437 [root] DEBUG: DLL loaded at 0x76780000: C:\Windows\syswow64\NSI (0x6000 bytes).
2020-05-23 10:29:13,453 [root] DEBUG: DLL loaded at 0x6F860000: C:\Windows\system32\winhttp (0x58000 bytes).
2020-05-23 10:29:13,453 [root] DEBUG: DLL loaded at 0x6F810000: C:\Windows\system32\webio (0x50000 bytes).
2020-05-23 10:29:13,453 [root] DEBUG: DLL unloaded from 0x6F860000.
2020-05-23 10:29:13,500 [root] DEBUG: DLL loaded at 0x744E0000: C:\Windows\system32\IPHLPAPI (0x1c000 bytes).
2020-05-23 10:29:13,515 [root] DEBUG: DLL loaded at 0x744D0000: C:\Windows\system32\WINNSI (0x7000 bytes).
2020-05-23 10:29:13,515 [root] DEBUG: DLL loaded at 0x6FBA0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0 (0x4000 bytes).
2020-05-23 10:29:13,515 [root] DEBUG: DLL loaded at 0x6F8C0000: C:\Windows\system32\DNSAPI (0x44000 bytes).
2020-05-23 10:29:13,531 [root] DEBUG: DLL loaded at 0x740F0000: C:\Windows\system32\mswsock (0x3c000 bytes).
2020-05-23 10:29:13,531 [root] DEBUG: DLL loaded at 0x6FB90000: C:\Windows\System32\wship6 (0x6000 bytes).
2020-05-23 10:29:13,593 [root] DEBUG: DLL loaded at 0x75DD0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2020-05-23 10:29:13,593 [root] DEBUG: DLL loaded at 0x6FC10000: C:\Windows\System32\netprofm (0x5a000 bytes).
2020-05-23 10:29:13,593 [root] DEBUG: DLL loaded at 0x6FC00000: C:\Windows\System32\nlaapi (0x10000 bytes).
2020-05-23 10:29:13,593 [root] DEBUG: DLL loaded at 0x6F800000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2020-05-23 10:29:13,609 [root] DEBUG: DLL loaded at 0x74130000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-05-23 10:29:13,609 [root] DEBUG: DLL loaded at 0x74040000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-05-23 10:29:13,625 [root] DEBUG: DLL loaded at 0x732F0000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-05-23 10:29:13,625 [root] DEBUG: DLL loaded at 0x76650000: C:\Windows\syswow64\urlmon (0x124000 bytes).
2020-05-23 10:29:13,625 [root] DEBUG: DLL loaded at 0x6F7E0000: C:\Windows\system32\dhcpcsvc (0x12000 bytes).
2020-05-23 10:29:13,640 [root] DEBUG: DLL loaded at 0x74310000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2020-05-23 10:29:13,640 [root] DEBUG: DLL loaded at 0x6F7C0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2020-05-23 10:29:13,640 [root] DEBUG: DLL loaded at 0x6F400000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2020-05-23 10:29:13,656 [root] DEBUG: DLL loaded at 0x6FBC0000: C:\Windows\System32\npmproxy (0x8000 bytes).
2020-05-23 10:29:13,656 [root] DEBUG: DLL loaded at 0x73690000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\Comctl32 (0x19e000 bytes).
2020-05-23 10:29:13,656 [root] DEBUG: DLL unloaded from 0x74310000.
2020-05-23 10:29:13,671 [root] DEBUG: DLL unloaded from 0x6FB90000.
2020-05-23 10:29:22,437 [root] DEBUG: DLL unloaded from 0x74C10000.
2020-05-23 10:29:22,453 [root] DEBUG: DLL unloaded from 0x76930000.
2020-05-23 10:29:22,453 [root] DEBUG: DLL unloaded from 0x6FBC0000.
2020-05-23 10:29:22,453 [root] DEBUG: DLL unloaded from 0x6FC10000.
2020-05-23 10:29:23,703 [root] DEBUG: DLL unloaded from 0x74C10000.
2020-05-23 10:29:23,718 [root] DEBUG: DLL unloaded from 0x76930000.
2020-05-23 10:29:23,718 [root] DEBUG: DLL unloaded from 0x6FBC0000.
2020-05-23 10:29:23,734 [root] DEBUG: DLL unloaded from 0x6FC10000.
2020-05-23 10:29:31,078 [root] DEBUG: DLL loaded at 0x72AF0000: C:\Windows\System32\netprofm (0x5a000 bytes).
2020-05-23 10:29:31,078 [root] DEBUG: DLL loaded at 0x732B0000: C:\Windows\System32\nlaapi (0x10000 bytes).
2020-05-23 10:29:31,109 [root] DEBUG: DLL loaded at 0x73210000: C:\Windows\System32\npmproxy (0x8000 bytes).
2020-05-23 10:29:31,171 [root] DEBUG: DLL unloaded from 0x76930000.
2020-05-23 10:29:31,187 [root] DEBUG: DLL unloaded from 0x73210000.
2020-05-23 10:29:31,187 [root] DEBUG: DLL unloaded from 0x72AF0000.
2020-05-23 10:29:32,921 [root] DEBUG: DLL unloaded from 0x74DF0000.
2020-05-23 10:29:35,812 [root] INFO: ('dump_file', 'C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700', '', False, 'files')
2020-05-23 10:29:36,812 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:36,812 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:36,843 [root] DEBUG: DLL unloaded from 0x763D0000.
2020-05-23 10:29:37,015 [root] INFO: ('dump_file', 'C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700', '', False, 'files')
2020-05-23 10:29:37,031 [root] INFO: ('dump_file', 'C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700', '', False, 'files')
2020-05-23 10:29:37,140 [root] DEBUG: DLL loaded at 0x6E940000: C:\Windows\SysWOW64\ieframe (0xaba000 bytes).
2020-05-23 10:29:37,140 [root] DEBUG: DLL loaded at 0x732B0000: C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2020-05-23 10:29:37,156 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-05-23 10:29:37,468 [root] DEBUG: DLL loaded at 0x6D8D0000: C:\Windows\SysWOW64\mshtml (0x1062000 bytes).
2020-05-23 10:29:37,484 [root] DEBUG: DLL loaded at 0x73FA0000: C:\Windows\system32\UxTheme (0x80000 bytes).
2020-05-23 10:29:37,484 [root] DEBUG: DLL unloaded from 0x6D8D0000.
2020-05-23 10:29:37,515 [root] INFO: ('dump_file', 'C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700', '', False, 'files')
2020-05-23 10:29:37,531 [root] DEBUG: DLL unloaded from 0x763D0000.
2020-05-23 10:29:37,609 [root] INFO: ('dump_file', 'C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700', '', False, 'files')
2020-05-23 10:29:37,656 [root] DEBUG: DLL loaded at 0x73210000: C:\Windows\system32\msimtf (0xb000 bytes).
2020-05-23 10:29:37,671 [root] DEBUG: DLL loaded at 0x72B10000: C:\Windows\system32\msls31 (0x31000 bytes).
2020-05-23 10:29:37,671 [root] DEBUG: DLL loaded at 0x70C20000: C:\Windows\system32\d2d1 (0x347000 bytes).
2020-05-23 10:29:37,687 [root] DEBUG: DLL loaded at 0x70AE0000: C:\Windows\system32\DWrite (0x136000 bytes).
2020-05-23 10:29:37,687 [root] DEBUG: DLL loaded at 0x72AC0000: C:\Windows\system32\dxgi (0x4c000 bytes).
2020-05-23 10:29:37,687 [root] DEBUG: DLL loaded at 0x731F0000: C:\Windows\system32\dwmapi (0x13000 bytes).
2020-05-23 10:29:37,703 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\syswow64\setupapi (0x19d000 bytes).
2020-05-23 10:29:37,703 [root] DEBUG: DLL loaded at 0x75E60000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2020-05-23 10:29:37,718 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2020-05-23 10:29:37,718 [root] DEBUG: DLL loaded at 0x75F10000: C:\Windows\syswow64\WINTRUST (0x2f000 bytes).
2020-05-23 10:29:37,718 [root] DEBUG: DLL loaded at 0x761F0000: C:\Windows\syswow64\CRYPT32 (0x122000 bytes).
2020-05-23 10:29:37,718 [root] DEBUG: DLL loaded at 0x76AA0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2020-05-23 10:29:37,734 [root] DEBUG: DLL unloaded from 0x76790000.
2020-05-23 10:29:37,750 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\syswow64\setupapi (0x19d000 bytes).
2020-05-23 10:29:37,765 [root] DEBUG: DLL loaded at 0x75E60000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2020-05-23 10:29:37,765 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2020-05-23 10:29:37,796 [root] DEBUG: DLL unloaded from 0x75F40000.
2020-05-23 10:29:37,796 [root] DEBUG: DLL loaded at 0x706B0000: C:\Windows\system32\d3d11 (0x175000 bytes).
2020-05-23 10:29:37,812 [root] DEBUG: DLL loaded at 0x704C0000: C:\Windows\system32\D3D10Warp (0x1ea000 bytes).
2020-05-23 10:29:37,812 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:37,812 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:37,828 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\syswow64\setupapi (0x19d000 bytes).
2020-05-23 10:29:37,828 [root] DEBUG: DLL loaded at 0x75E60000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2020-05-23 10:29:37,828 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2020-05-23 10:29:37,828 [root] DEBUG: DLL unloaded from 0x76790000.
2020-05-23 10:29:37,859 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\syswow64\setupapi (0x19d000 bytes).
2020-05-23 10:29:37,859 [root] DEBUG: DLL loaded at 0x75E60000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2020-05-23 10:29:37,859 [root] DEBUG: DLL loaded at 0x74B30000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2020-05-23 10:29:37,875 [root] DEBUG: DLL unloaded from 0x75F40000.
2020-05-23 10:29:37,875 [root] DEBUG: DLL unloaded from 0x704C0000.
2020-05-23 10:29:37,906 [root] DEBUG: DLL loaded at 0x72A90000: C:\Windows\system32\MLANG (0x2e000 bytes).
2020-05-23 10:29:37,906 [root] DEBUG: DLL loaded at 0x702C0000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2020-05-23 10:29:38,828 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:38,828 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:39,828 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:39,828 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:40,828 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:40,828 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:41,843 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:41,843 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:42,812 [root] DEBUG: DLL loaded at 0x70A80000: C:\Windows\System32\netprofm (0x5a000 bytes).
2020-05-23 10:29:42,812 [root] DEBUG: DLL loaded at 0x72A80000: C:\Windows\System32\nlaapi (0x10000 bytes).
2020-05-23 10:29:42,859 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:42,859 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:42,875 [root] DEBUG: DLL loaded at 0x72A70000: C:\Windows\System32\npmproxy (0x8000 bytes).
2020-05-23 10:29:43,875 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:43,875 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:44,875 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:44,875 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:45,890 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:45,890 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:46,906 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:46,906 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:47,921 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:47,921 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:48,937 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:48,937 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:48,953 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2616
2020-05-23 10:29:49,953 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:49,953 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:50,968 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:50,968 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:51,125 [root] DEBUG: DLL unloaded from 0x74DF0000.
2020-05-23 10:29:51,968 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:51,968 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:52,984 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:52,984 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:54,000 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:54,000 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:55,000 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:55,000 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:56,015 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:56,015 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:57,015 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:57,015 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:58,015 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:58,015 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:59,015 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:59,015 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:00,093 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:00,093 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:01,109 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:01,109 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:02,125 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:02,125 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:03,140 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:03,140 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:04,140 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:04,140 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:05,156 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:05,156 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:06,156 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:06,156 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:07,171 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:07,171 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:08,171 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:08,171 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:09,171 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:09,171 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:10,171 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:10,171 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:11,187 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:11,187 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:12,187 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:12,187 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:13,203 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:13,203 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:14,203 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:14,203 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:15,203 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:15,203 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:16,203 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:16,203 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:17,218 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:17,218 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:18,234 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:18,234 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:19,234 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:19,234 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:20,234 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:20,234 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:21,234 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:21,234 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:22,234 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:22,234 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:23,249 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:23,249 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:24,265 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:24,265 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:25,281 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:25,281 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:26,296 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:26,296 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:27,343 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:27,343 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:28,375 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:28,375 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:29,406 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:29,406 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:30,421 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:30,421 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:31,437 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:31,437 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:32,453 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:32,453 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:33,453 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:33,453 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:33,468 [root] DEBUG: DLL loaded at 0x70A80000: C:\Windows\System32\netprofm (0x5a000 bytes).
2020-05-23 10:30:33,468 [root] DEBUG: DLL loaded at 0x72A80000: C:\Windows\System32\nlaapi (0x10000 bytes).
2020-05-23 10:30:33,484 [root] DEBUG: DLL loaded at 0x72A70000: C:\Windows\System32\npmproxy (0x8000 bytes).
2020-05-23 10:30:34,453 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:34,453 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:35,468 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:35,468 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:36,468 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:36,468 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:37,468 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:37,468 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:38,468 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:38,468 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:39,468 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:39,468 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:40,468 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:40,468 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:41,468 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:41,468 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:42,468 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:42,468 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:43,468 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:43,468 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:44,468 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:44,468 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:45,468 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:45,468 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:46,484 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:46,484 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:47,500 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:47,500 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:48,515 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:48,515 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:49,515 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:49,515 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:50,515 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:50,515 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:51,515 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:51,515 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:52,515 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:52,515 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:53,531 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:53,531 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:54,531 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:54,531 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:55,546 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:55,546 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:56,593 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:56,593 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:57,593 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:57,593 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:58,593 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:58,593 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:30:59,593 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:30:59,593 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:31:00,593 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:31:00,593 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:31:01,593 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:31:01,593 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:31:02,593 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:31:02,593 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:31:03,609 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:31:03,609 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:31:04,609 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:31:04,609 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:31:05,625 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:31:05,625 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:31:06,625 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:31:06,625 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:31:07,625 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:31:07,625 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:31:08,640 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:31:08,640 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:31:09,640 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:31:09,640 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
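The run above shows one pattern worth pulling out of an analyzer.log mechanically: the same %TEMP%\data.exe path is reported as deleted, and dumped by the analyzer, roughly once a second for about ninety seconds, interleaved with DLL load/unload events. The following Python is an added example, not part of the CAPE report or of CAPE itself. It parses lines in the format shown (timestamp, logger, level, message), decodes the tuple-style INFO messages with ast.literal_eval (they are Python reprs, so this is safe against untrusted log content, unlike eval), extracts DLL load records, and flags any path deleted repeatedly at short, regular intervals. The sample log embedded in the block is constructed to follow the format above; the once.tmp path and the thresholds min_deletes=5 and max_interval=2.0 are assumptions chosen for the example, not values from the page.

```python
import ast
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample in the analyzer.log format shown on this page. The data.exe
# lines mirror the shape of the real entries; the once.tmp entry is made up to
# show a one-off deletion that the loop detector must not flag.
SAMPLE_LOG = r"""
2020-05-23 10:29:37,812 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:37,812 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:37,828 [root] DEBUG: DLL loaded at 0x76790000: C:\Windows\syswow64\setupapi (0x19d000 bytes).
2020-05-23 10:29:37,828 [root] DEBUG: DLL unloaded from 0x76790000.
2020-05-23 10:29:38,828 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:38,828 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:39,828 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:39,828 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:40,828 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:40,828 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:41,843 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:41,843 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:42,812 [root] DEBUG: DLL loaded at 0x70A80000: C:\Windows\System32\netprofm (0x5a000 bytes).
2020-05-23 10:29:42,859 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe')
2020-05-23 10:29:42,859 [root] INFO: ('dump_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\data.exe', '', False, 'files')
2020-05-23 10:29:45,000 [root] INFO: ('delete_file', 'C:\\Users\\Louise\\AppData\\Local\\Temp\\once.tmp')
2020-05-23 10:29:48,953 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2616
"""

# One analyzer.log line: "<date> <time>,<ms> [<logger>] <LEVEL>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<logger>[\w.]+)\] (?P<level>[A-Z]+): (?P<msg>.*)$"
)
# "DLL loaded at 0x<base>: <path> (0x<size> bytes)."
DLL_LOAD_RE = re.compile(
    r"^DLL loaded at 0x(?P<base>[0-9A-Fa-f]+): (?P<path>.+?) \(0x(?P<size>[0-9A-Fa-f]+) bytes\)\.$"
)


def parse_line(line):
    """Return a dict with ts (datetime), logger, level, msg; None if not a log line."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f")
    return rec


def parse_log(text):
    return [rec for rec in (parse_line(l) for l in text.splitlines()) if rec]


def file_events(events):
    """(ts, action, path) for INFO messages that are Python tuple reprs such as
    ('delete_file', path) or ('dump_file', path, '', False, 'files').
    ast.literal_eval only builds literals, so hostile log text cannot run code."""
    out = []
    for e in events:
        if e["level"] != "INFO" or not e["msg"].startswith("('"):
            continue
        try:
            tup = ast.literal_eval(e["msg"])
        except (ValueError, SyntaxError):
            continue
        if isinstance(tup, tuple) and len(tup) >= 2 and isinstance(tup[1], str):
            out.append((e["ts"], tup[0], tup[1]))
    return out


def dll_loads(events):
    """(ts, base_address, path, size) for every 'DLL loaded at' record."""
    out = []
    for e in events:
        m = DLL_LOAD_RE.match(e["msg"])
        if m:
            out.append((e["ts"], int(m["base"], 16), m["path"], int(m["size"], 16)))
    return out


def find_delete_loops(events, min_deletes=5, max_interval=2.0):
    """Paths deleted at least min_deletes times with a median gap <= max_interval
    seconds. Repeated deletion of one path implies it is being re-created in
    between (the sandbox dumps it each time), which is the drop-and-delete loop
    seen in the log above. Thresholds are assumptions for this example."""
    by_path = defaultdict(list)
    for ts, action, path in file_events(events):
        if action == "delete_file":
            by_path[path.lower()].append(ts)  # Windows paths are case-insensitive
    loops = {}
    for path, stamps in by_path.items():
        if len(stamps) < min_deletes:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        median_gap = statistics.median(gaps)
        if median_gap <= max_interval:
            loops[path] = {"count": len(stamps), "first": stamps[0],
                           "last": stamps[-1], "median_interval": median_gap}
    return loops


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for path, info in find_delete_loops(evs).items():
        print(f"{path}: deleted {info['count']}x, median gap {info['median_interval']:.3f}s, "
              f"{info['first'].time()} -> {info['last'].time()}")
    for ts, base, path, size in dll_loads(evs):
        print(f"{ts.time()} DLL {path} @ 0x{base:08X} ({size:#x} bytes)")
```

Run against a full analyzer.log (for example `parse_log(open("analyzer.log").read())`) the loop detector reports the repeated data.exe deletions as one finding with a count and interval instead of hundreds of lines, and the DLL list gives the load order for correlating with the process dumps taken at termination.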
2020-05-23 10:32:28,249 [root] INFO: Analysis timeout hit, terminating analysis.
2020-05-23 10:32:28,249 [lib.api.process] INFO: Terminate event set for process 2616
2020-05-23 10:32:33,249 [lib.api.process] INFO: Termination confirmed for process 2616
2020-05-23 10:32:33,249 [root] INFO: Terminate event set for process 2616.
2020-05-23 10:32:33,249 [lib.api.process] INFO: Terminate event set for process 3180
2020-05-23 10:32:33,406 [root] DEBUG: Terminate Event: Attempting to dump process 3180
2020-05-23 10:32:33,421 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00400000.
2020-05-23 10:32:33,421 [root] DEBUG: ApiReader: module list size: 79
2020-05-23 10:32:33,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,437 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:33,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:33,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:33,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll
2020-05-23 10:32:34,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-05-23 10:32:34,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-05-23 10:32:34,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-05-23 10:32:34,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\comdlg32.dll
2020-05-23 10:32:34,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-05-23 10:32:34,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\comdlg32.dll
2020-05-23 10:32:34,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\comdlg32.dll
2020-05-23 10:32:34,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\comdlg32.dll
2020-05-23 10:32:34,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-05-23 10:32:34,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\gdi32.dll
2020-05-23 10:32:34,125 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-05-23 10:32:34,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\psapi.dll
2020-05-23 10:32:34,125 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\httpapi.dll
2020-05-23 10:32:34,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\httpapi.dll
2020-05-23 10:32:34,125 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\Wldap32.dll
2020-05-23 10:32:34,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\Wldap32.dll
2020-05-23 10:32:34,125 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-05-23 10:32:34,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\imm32.dll
2020-05-23 10:32:34,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,140 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-05-23 10:32:34,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msctf.dll
2020-05-23 10:32:34,140 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2020-05-23 10:32:34,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2020-05-23 10:32:34,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,187 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
2020-05-23 10:32:34,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
2020-05-23 10:32:34,187 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\comdlg32.dll
2020-05-23 10:32:34,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\comdlg32.dll
2020-05-23 10:32:34,187 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-05-23 10:32:34,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-05-23 10:32:34,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,218 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,218 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,218 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,218 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,234 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,234 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,234 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,265 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msimg32.dll
2020-05-23 10:32:34,265 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msimg32.dll
2020-05-23 10:32:34,265 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-05-23 10:32:34,281 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\oleaut32.dll
2020-05-23 10:32:34,281 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-05-23 10:32:34,281 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-05-23 10:32:34,281 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,281 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,281 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\wininet.dll
2020-05-23 10:32:34,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\wininet.dll
2020-05-23 10:32:34,296 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2020-05-23 10:32:34,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2020-05-23 10:32:34,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\user32.dll
2020-05-23 10:32:34,328 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2020-05-23 10:32:34,343 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2020-05-23 10:32:34,343 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,343 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,343 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,343 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,343 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,343 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,406 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,406 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,406 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,406 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,406 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,406 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,406 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,406 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,500 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,515 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,531 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,546 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,562 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,578 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,593 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,593 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,593 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,593 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,593 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,593 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,593 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,609 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,609 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,609 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,609 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,609 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,609 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,609 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:34,625 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2020-05-23 10:32:34,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2020-05-23 10:32:34,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-05-23 10:32:34,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-05-23 10:32:34,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-05-23 10:32:34,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-05-23 10:32:34,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-05-23 10:32:34,625 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\version.dll
2020-05-23 10:32:34,640 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2020-05-23 10:32:34,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2020-05-23 10:32:34,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\normaliz.dll
2020-05-23 10:32:34,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\normaliz.dll
2020-05-23 10:32:34,640 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\normaliz.dll
2020-05-23 10:32:34,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\normaliz.dll
2020-05-23 10:32:34,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,640 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,656 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,656 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\kernel32.dll
2020-05-23 10:32:34,656 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\iertutil.dll
2020-05-23 10:32:34,656 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\iertutil.dll
2020-05-23 10:32:34,656 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2020-05-23 10:32:34,656 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2020-05-23 10:32:34,656 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,656 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,656 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,671 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,687 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,703 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,718 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,718 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,718 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,718 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,718 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,718 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,718 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,718 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,718 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,718 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,718 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,734 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,734 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,734 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,734 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,734 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,734 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,734 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,734 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,734 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,750 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,765 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,781 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,781 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,781 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,781 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,781 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,781 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,781 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,781 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,781 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,781 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,796 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,812 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,828 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,843 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,843 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,843 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,843 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,843 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,843 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,843 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,843 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,843 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,843 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,843 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,859 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,859 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,859 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,859 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,859 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,859 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,859 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,859 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,859 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,859 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,875 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:34,890 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\profapi.dll
2020-05-23 10:32:34,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\profapi.dll
2020-05-23 10:32:34,890 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\secur32.dll
2020-05-23 10:32:34,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\secur32.dll
2020-05-23 10:32:34,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,890 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,906 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,921 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,937 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,953 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,968 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,968 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,968 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,968 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,968 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,968 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,968 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,968 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,984 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,984 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,984 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,984 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,984 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:34,984 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,000 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,015 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,031 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,031 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,031 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,031 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,031 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,031 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,031 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,046 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,062 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\sspicli.dll
2020-05-23 10:32:35,078 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2020-05-23 10:32:35,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2020-05-23 10:32:35,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,078 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\advapi32.dll
2020-05-23 10:32:35,093 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2020-05-23 10:32:35,093 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2020-05-23 10:32:35,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,109 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,125 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,140 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,156 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ole32.dll
2020-05-23 10:32:35,171 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-05-23 10:32:35,171 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ws2_32.dll
2020-05-23 10:32:35,187 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-05-23 10:32:35,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\nsi.dll
2020-05-23 10:32:35,187 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\IPHLPAPI.DLL
2020-05-23 10:32:35,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\IPHLPAPI.DLL
2020-05-23 10:32:35,187 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\winnsi.dll
2020-05-23 10:32:35,187 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\winnsi.dll
2020-05-23 10:32:35,203 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2020-05-23 10:32:35,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2020-05-23 10:32:35,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,203 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,218 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,218 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,218 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,218 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,218 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,218 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,218 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,218 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,234 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,234 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,234 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,234 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,234 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,234 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,234 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,234 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,249 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,281 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,281 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,281 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,281 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,281 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,296 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,312 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,328 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shlwapi.dll
2020-05-23 10:32:35,328 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\dnsapi.dll
2020-05-23 10:32:35,343 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\dnsapi.dll
2020-05-23 10:32:35,343 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\mswsock.dll
2020-05-23 10:32:35,343 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\mswsock.dll
2020-05-23 10:32:35,343 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\wship6.dll
2020-05-23 10:32:35,343 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\wship6.dll
2020-05-23 10:32:35,343 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\clbcatq.dll
2020-05-23 10:32:35,343 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\clbcatq.dll
2020-05-23 10:32:35,343 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\dhcpcsvc6.dll
2020-05-23 10:32:35,343 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\dhcpcsvc6.dll
2020-05-23 10:32:35,343 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\cryptsp.dll
2020-05-23 10:32:35,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\cryptsp.dll
2020-05-23 10:32:35,359 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rsaenh.dll
2020-05-23 10:32:35,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rsaenh.dll
2020-05-23 10:32:35,359 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\RpcRtRemote.dll
2020-05-23 10:32:35,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\RpcRtRemote.dll
2020-05-23 10:32:35,359 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\urlmon.dll
2020-05-23 10:32:35,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\urlmon.dll
2020-05-23 10:32:35,359 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\dhcpcsvc.dll
2020-05-23 10:32:35,359 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\dhcpcsvc.dll
2020-05-23 10:32:35,359 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\WSHTCPIP.DLL
2020-05-23 10:32:35,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\WSHTCPIP.DLL
2020-05-23 10:32:35,375 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\rasadhlp.dll
2020-05-23 10:32:35,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\rasadhlp.dll
2020-05-23 10:32:35,375 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\FWPUCLNT.DLL
2020-05-23 10:32:35,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\FWPUCLNT.DLL
2020-05-23 10:32:35,375 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
2020-05-23 10:32:35,375 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
2020-05-23 10:32:35,375 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\ieframe.dll
2020-05-23 10:32:35,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\ieframe.dll
2020-05-23 10:32:35,390 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2020-05-23 10:32:35,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2020-05-23 10:32:35,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-05-23 10:32:35,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-05-23 10:32:35,390 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\shell32.dll
2020-05-23 10:32:35,406 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2020-05-23 10:32:35,406 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\apphelp.dll
2020-05-23 10:32:35,406 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\mshtml.dll
2020-05-23 10:32:35,406 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\mshtml.dll
2020-05-23 10:32:35,406 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\uxtheme.dll
2020-05-23 10:32:35,406 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\uxtheme.dll
2020-05-23 10:32:35,406 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msimtf.dll
2020-05-23 10:32:35,406 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msimtf.dll
2020-05-23 10:32:35,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msls31.dll
2020-05-23 10:32:35,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msls31.dll
2020-05-23 10:32:35,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\d2d1.dll
2020-05-23 10:32:35,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\d2d1.dll
2020-05-23 10:32:35,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\DWrite.dll
2020-05-23 10:32:35,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\DWrite.dll
2020-05-23 10:32:35,421 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\dxgi.dll
2020-05-23 10:32:35,421 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\dxgi.dll
2020-05-23 10:32:35,437 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\dwmapi.dll
2020-05-23 10:32:35,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\dwmapi.dll
2020-05-23 10:32:35,437 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\wintrust.dll
2020-05-23 10:32:35,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\wintrust.dll
2020-05-23 10:32:35,437 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\crypt32.dll
2020-05-23 10:32:35,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\crypt32.dll
2020-05-23 10:32:35,437 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\msasn1.dll
2020-05-23 10:32:35,437 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\msasn1.dll
2020-05-23 10:32:35,453 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\d3d11.dll
2020-05-23 10:32:35,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\d3d11.dll
2020-05-23 10:32:35,453 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\d3d10warp.dll
2020-05-23 10:32:35,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\d3d10warp.dll
2020-05-23 10:32:35,453 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\mlang.dll
2020-05-23 10:32:35,453 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\mlang.dll
2020-05-23 10:32:35,468 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\propsys.dll
2020-05-23 10:32:35,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\propsys.dll
2020-05-23 10:32:35,468 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\netprofm.dll
2020-05-23 10:32:35,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\netprofm.dll
2020-05-23 10:32:35,468 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\nlaapi.dll
2020-05-23 10:32:35,468 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\nlaapi.dll
2020-05-23 10:32:35,484 [root] DEBUG: Module parsing: \Device\HarddiskVolume2\Windows\SysWOW64\npmproxy.dll
2020-05-23 10:32:35,484 [root] DEBUG: isModuleLoadedInOwnProcess returned false: \Device\HarddiskVolume2\Windows\SysWOW64\npmproxy.dll
2020-05-23 10:32:35,484 [root] DEBUG: DumpProcessFixImports: Instantiating PeParser with address: 0x00400000
2020-05-23 10:32:35,484 [root] DEBUG: DumpProcessFixImports: Module entry point VA is 0x004AEF70
2020-05-23 10:32:35,484 [root] DEBUG: Module image dump success
2020-05-23 10:32:35,562 [root] DEBUG: IAT Search Adv: Found 317 (0x13D) possible IAT entries.
2020-05-23 10:32:35,562 [root] DEBUG: IAT Search Adv: Possible IAT first 0044F000 last 0044F524 entry.
2020-05-23 10:32:35,562 [root] DEBUG: DumpProcessFixImports: Found IAT - 0x44f000, size: 0x528
2020-05-23 10:32:35,562 [root] DEBUG: IAT parsing finished, found 318 valid APIs, missed 0 APIs
2020-05-23 10:32:35,562 [root] DEBUG: Adding module to module list: advapi32.dll
2020-05-23 10:32:35,562 [root] DEBUG: Adding module to module list: comctl32.dll
2020-05-23 10:32:35,578 [root] DEBUG: Adding module to module list: comdlg32.dll
2020-05-23 10:32:35,578 [root] DEBUG: Adding module to module list: gdi32.dll
2020-05-23 10:32:35,578 [root] DEBUG: Adding module to module list: kernel32.dll
2020-05-23 10:32:35,578 [root] DEBUG: Adding module to module list: msimg32.dll
2020-05-23 10:32:35,578 [root] DEBUG: Adding module to module list: oleaut32.dll
2020-05-23 10:32:35,578 [root] DEBUG: Adding module to module list: psapi.dll
2020-05-23 10:32:35,578 [root] DEBUG: Adding module to module list: shell32.dll
2020-05-23 10:32:35,593 [root] DEBUG: Adding module to module list: user32.dll
2020-05-23 10:32:35,593 [root] DEBUG: Adding module to module list: version.dll
2020-05-23 10:32:35,593 [root] DEBUG: Adding module to module list: wininet.dll
2020-05-23 10:32:35,593 [root] DEBUG: Adding module to module list: ole32.dll
2020-05-23 10:32:35,593 [root] DEBUG: Warning - IAT is not inside the PE image, requires rebasing.
2020-05-23 10:32:35,593 [root] DEBUG: Invalid PE file: import table rebuild failed.
2020-05-23 10:32:35,593 [root] DEBUG: Import table rebuild failed, falling back to unfixed dump.
2020-05-23 10:32:35,625 [root] INFO: b'C:\\NUAMHTiLfa\\CAPE\\3180_94519179335321623652020|3180|0;?C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700.exe;?C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700.exe;?'
2020-05-23 10:32:35,625 [root] INFO: cape
2020-05-23 10:32:35,625 [root] INFO: ('dump_file', 'C:\\NUAMHTiLfa\\CAPE\\3180_94519179335321623652020', b'0;?C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700.exe;?C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700.exe;?', ['3180'], 'procdump')
2020-05-23 10:32:35,656 [root] INFO: ('dump_file', 'C:\\NUAMHTiLfa\\CAPE\\3180_94519179335321623652020', '', False, 'files')
2020-05-23 10:32:35,671 [root] DEBUG: DoProcessDump: Created dump file for full process memory dump: C:\NUAMHTiLfa\memory\3180.dmp.
2020-05-23 10:32:35,687 [root] DEBUG: DumpInterestingRegions: Dumping calling region at 0x00340000.
2020-05-23 10:32:35,687 [root] INFO: ('dump_file', 'C:\\NUAMHTiLfa\\CAPE\\3180_14178708935321623652020', b'9;?C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700.exe;?C:\\ProgramData\\nMpEgLh21700\\nMpEgLh21700.exe;?0x00340000;?', ['3180'], 'CAPE')
2020-05-23 10:32:35,703 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\NUAMHTiLfa\CAPE\3180_14178708935321623652020 (size 0x56f)
2020-05-23 10:32:35,703 [root] DEBUG: DumpRegion: Dumped stack region from 0x00340000, size 0x1000.
2020-05-23 10:32:38,249 [lib.api.process] INFO: Termination confirmed for process 3180
2020-05-23 10:32:38,249 [root] INFO: Terminate event set for process 3180.
2020-05-23 10:32:38,249 [root] INFO: Created shutdown mutex.
2020-05-23 10:32:39,249 [root] INFO: Shutting down package.
2020-05-23 10:32:39,281 [lib.api.process] ERROR: Unable to dump 32-bit process with pid 2616, error: 4294967286
2020-05-23 10:32:39,312 [lib.api.process] ERROR: Unable to dump 32-bit process with pid 3180, error: 4294967286
2020-05-23 10:32:39,312 [root] INFO: Stopping auxiliary modules.
2020-05-23 10:32:39,484 [lib.common.results] WARNING: File C:\NUAMHTiLfa\bin\procmon.xml doesn't exist anymore
2020-05-23 10:32:39,484 [root] INFO: Finishing auxiliary modules.
2020-05-23 10:32:39,484 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-05-23 10:32:39,484 [root] WARNING: Folder at path "C:\NUAMHTiLfa\debugger" does not exist, skip.
2020-05-23 10:32:39,515 [root] INFO: Analysis completed.
2020-05-23 10:32:39,828 [root] DEBUG: DoProcessDump: Full process memory dump saved to file: C:\NUAMHTiLfa\memory\3180.dmp.

Machine

Name Label Manager Started On Shutdown On
win7x64_4 win7x64_8 KVM 2020-05-23 10:29:05 2020-05-23 10:34:01

File Details

File Name data.exe
File Size 317952 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
PE timestamp 2011-01-12 13:59:58
MD5 8626242719c85dfbd4eb6541c7e321e0
SHA1 234b21dec82afce0d97f21c58d17ddcfdabe5453
SHA256 6cf7ad81cf756c7bef56e3a244032f4881ab4eac13f3aea22dc1744673b53cfe
SHA512 abe6db03e46bd03070085cd75a632437d894b21566c8e96e4fc93fb2dcf0c95922b7c5244f4396d065e0e351cba8ff5bdd643ca6178902513aa3806f98f5bb53
CRC32 DE517867
Ssdeep 6144:bssS02/oPbqhjCVTS/EGQalR+pSXSYZaKYxzXpztpz6cI0:LS0YI5FS/vQxBYQtzRVI0

Signatures

Behavioural detection: Executable code extraction
SetUnhandledExceptionFilter detected (possible anti-debug)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Hit: PID 3180 triggered the Yara rule 'vmdetect'
Creates RWX memory
Anomalous file deletion behavior detected (10+)
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
DeletedFile: C:\Users\Louise\AppData\Local\Temp\data.exe
A process attempted to delay the analysis task.
Process: nMpEgLh21700.exe tried to sleep 876.904 seconds, actually delayed analysis time by 0.0 seconds
Dynamic (imported) function loading detected
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualFree
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMDLG32.dll/GetSaveFileNameA
DynamicLoader: GDI32.dll/LineTo
DynamicLoader: MSIMG32.dll/AlphaBlend
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PSAPI.DLL/GetModuleFileNameExA
DynamicLoader: SHELL32.dll/SHGetMalloc
DynamicLoader: USER32.dll/GetDC
DynamicLoader: VERSION.dll/VerQueryValueA
DynamicLoader: WININET.dll/InternetOpenA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/OpenMutexA
DynamicLoader: kernel32.dll/CreateThread
DynamicLoader: kernel32.dll/ResumeThread
DynamicLoader: kernel32.dll/InterlockedDecrement
DynamicLoader: kernel32.dll/VirtualAllocEx
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/DuplicateHandle
DynamicLoader: kernel32.dll/GetModuleFileNameA
DynamicLoader: kernel32.dll/WriteProcessMemory
DynamicLoader: kernel32.dll/OutputDebugStringA
DynamicLoader: kernel32.dll/CreateRemoteThread
DynamicLoader: kernel32.dll/GetTempFileNameA
DynamicLoader: kernel32.dll/FindResourceA
DynamicLoader: kernel32.dll/SizeofResource
DynamicLoader: kernel32.dll/LoadResource
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/SetFilePointer
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/GetCommandLineW
DynamicLoader: kernel32.dll/DeleteFileW
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/InitializeCriticalSection
DynamicLoader: kernel32.dll/GetCurrentProcessId
DynamicLoader: kernel32.dll/GetTempPathA
DynamicLoader: kernel32.dll/DeleteCriticalSection
DynamicLoader: kernel32.dll/lstrlenW
DynamicLoader: kernel32.dll/QueryPerformanceFrequency
DynamicLoader: kernel32.dll/QueryPerformanceCounter
DynamicLoader: kernel32.dll/GetLocaleInfoA
DynamicLoader: kernel32.dll/GlobalMemoryStatus
DynamicLoader: kernel32.dll/GetVersionExA
DynamicLoader: kernel32.dll/GetSystemInfo
DynamicLoader: kernel32.dll/GetComputerNameA
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/FreeLibrary
DynamicLoader: kernel32.dll/EnterCriticalSection
DynamicLoader: kernel32.dll/LeaveCriticalSection
DynamicLoader: kernel32.dll/VirtualFree
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/WideCharToMultiByte
DynamicLoader: kernel32.dll/WaitForSingleObjectEx
DynamicLoader: kernel32.dll/TerminateThread
DynamicLoader: kernel32.dll/QueryDosDeviceA
DynamicLoader: kernel32.dll/IsBadReadPtr
DynamicLoader: kernel32.dll/GetVersion
DynamicLoader: kernel32.dll/SystemTimeToFileTime
DynamicLoader: kernel32.dll/FileTimeToSystemTime
DynamicLoader: kernel32.dll/FileTimeToLocalFileTime
DynamicLoader: kernel32.dll/GetTimeZoneInformation
DynamicLoader: kernel32.dll/MultiByteToWideChar
DynamicLoader: kernel32.dll/GetFileAttributesA
DynamicLoader: kernel32.dll/FormatMessageA
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: kernel32.dll/GlobalAlloc
DynamicLoader: kernel32.dll/GlobalFree
DynamicLoader: kernel32.dll/GlobalLock
DynamicLoader: kernel32.dll/GlobalUnlock
DynamicLoader: kernel32.dll/GlobalReAlloc
DynamicLoader: kernel32.dll/GetProcessHeap
DynamicLoader: kernel32.dll/HeapAlloc
DynamicLoader: kernel32.dll/HeapFree
DynamicLoader: kernel32.dll/GetSystemTimeAsFileTime
DynamicLoader: kernel32.dll/GetEnvironmentStringsW
DynamicLoader: kernel32.dll/FreeEnvironmentStringsW
DynamicLoader: kernel32.dll/GetEnvironmentStrings
DynamicLoader: kernel32.dll/FreeEnvironmentStringsA
DynamicLoader: kernel32.dll/HeapReAlloc
DynamicLoader: kernel32.dll/HeapCreate
DynamicLoader: kernel32.dll/GetFileType
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/SetHandleCount
DynamicLoader: kernel32.dll/LCMapStringW
DynamicLoader: kernel32.dll/LCMapStringA
DynamicLoader: kernel32.dll/IsValidCodePage
DynamicLoader: kernel32.dll/GetOEMCP
DynamicLoader: kernel32.dll/GetACP
DynamicLoader: kernel32.dll/GetCPInfo
DynamicLoader: kernel32.dll/HeapSize
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/SetLastError
DynamicLoader: kernel32.dll/InterlockedIncrement
DynamicLoader: kernel32.dll/TlsFree
DynamicLoader: kernel32.dll/TlsSetValue
DynamicLoader: kernel32.dll/TlsAlloc
DynamicLoader: kernel32.dll/TlsGetValue
DynamicLoader: kernel32.dll/GetModuleHandleW
DynamicLoader: kernel32.dll/RaiseException
DynamicLoader: kernel32.dll/RtlUnwind
DynamicLoader: kernel32.dll/GetStartupInfoA
DynamicLoader: kernel32.dll/GetCommandLineA
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: kernel32.dll/SetUnhandledExceptionFilter
DynamicLoader: kernel32.dll/UnhandledExceptionFilter
DynamicLoader: kernel32.dll/GetSystemDirectoryA
DynamicLoader: kernel32.dll/CreateDirectoryA
DynamicLoader: kernel32.dll/CreateProcessA
DynamicLoader: kernel32.dll/lstrcpynA
DynamicLoader: kernel32.dll/Process32Next
DynamicLoader: kernel32.dll/GetTickCount
DynamicLoader: kernel32.dll/TerminateProcess
DynamicLoader: kernel32.dll/lstrcmpiA
DynamicLoader: kernel32.dll/Process32First
DynamicLoader: kernel32.dll/OpenProcess
DynamicLoader: kernel32.dll/CreateToolhelp32Snapshot
DynamicLoader: kernel32.dll/GetSystemTime
DynamicLoader: kernel32.dll/RemoveDirectoryA
DynamicLoader: kernel32.dll/SetFileAttributesA
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: kernel32.dll/FindClose
DynamicLoader: kernel32.dll/FindNextFileA
DynamicLoader: kernel32.dll/FindFirstFileA
DynamicLoader: kernel32.dll/DeleteFileA
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/CreateMutexA
DynamicLoader: kernel32.dll/Sleep
DynamicLoader: kernel32.dll/SetProcessAffinityMask
DynamicLoader: kernel32.dll/GetProcessAffinityMask
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/UnmapViewOfFile
DynamicLoader: kernel32.dll/lstrcatA
DynamicLoader: kernel32.dll/lstrcmpA
DynamicLoader: kernel32.dll/MapViewOfFileEx
DynamicLoader: kernel32.dll/CreateFileMappingA
DynamicLoader: kernel32.dll/GetFileSize
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: kernel32.dll/lstrcpyA
DynamicLoader: kernel32.dll/lstrlenA
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/GetStringTypeA
DynamicLoader: kernel32.dll/GetStringTypeW
DynamicLoader: kernel32.dll/SetStdHandle
DynamicLoader: kernel32.dll/GetConsoleCP
DynamicLoader: kernel32.dll/GetConsoleMode
DynamicLoader: kernel32.dll/FlushFileBuffers
DynamicLoader: kernel32.dll/SetEndOfFile
DynamicLoader: kernel32.dll/WriteConsoleA
DynamicLoader: kernel32.dll/GetConsoleOutputCP
DynamicLoader: kernel32.dll/WriteConsoleW
DynamicLoader: kernel32.dll/SetCurrentDirectoryA
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueA
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegSetValueExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegCreateKeyExA
DynamicLoader: ADVAPI32.dll/RegDeleteValueA
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/EqualSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: COMCTL32.dll/_TrackMouseEvent
DynamicLoader: COMCTL32.dll/InitCommonControlsEx
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/ImageList_Create
DynamicLoader: COMCTL32.dll/ImageList_ReplaceIcon
DynamicLoader: COMCTL32.dll/ImageList_Destroy
DynamicLoader: COMDLG32.dll/GetSaveFileNameA
DynamicLoader: GDI32.dll/LineTo
DynamicLoader: GDI32.dll/SetBkColor
DynamicLoader: GDI32.dll/GetTextMetricsA
DynamicLoader: GDI32.dll/CreateRectRgn
DynamicLoader: GDI32.dll/CombineRgn
DynamicLoader: GDI32.dll/StretchBlt
DynamicLoader: GDI32.dll/AngleArc
DynamicLoader: GDI32.dll/RoundRect
DynamicLoader: GDI32.dll/GetDIBits
DynamicLoader: GDI32.dll/ExtCreateRegion
DynamicLoader: GDI32.dll/MoveToEx
DynamicLoader: GDI32.dll/GetTextColor
DynamicLoader: GDI32.dll/GetStockObject
DynamicLoader: GDI32.dll/CreateFontIndirectA
DynamicLoader: GDI32.dll/GetCurrentPositionEx
DynamicLoader: GDI32.dll/SaveDC
DynamicLoader: GDI32.dll/GetTextExtentPoint32A
DynamicLoader: GDI32.dll/RestoreDC
DynamicLoader: GDI32.dll/SetDIBits
DynamicLoader: GDI32.dll/CreateDIBitmap
DynamicLoader: GDI32.dll/CreateCompatibleBitmap
DynamicLoader: GDI32.dll/GetDeviceCaps
DynamicLoader: GDI32.dll/GetObjectA
DynamicLoader: GDI32.dll/DeleteDC
DynamicLoader: GDI32.dll/Rectangle
DynamicLoader: GDI32.dll/DeleteObject
DynamicLoader: GDI32.dll/GetTextExtentPointA
DynamicLoader: GDI32.dll/CreateFontA
DynamicLoader: GDI32.dll/SetTextColor
DynamicLoader: GDI32.dll/SetBkMode
DynamicLoader: GDI32.dll/BitBlt
DynamicLoader: GDI32.dll/CreateSolidBrush
DynamicLoader: GDI32.dll/CreatePen
DynamicLoader: GDI32.dll/SelectObject
DynamicLoader: GDI32.dll/CreateDIBSection
DynamicLoader: GDI32.dll/CreateCompatibleDC
DynamicLoader: GDI32.dll/CreateBitmap
DynamicLoader: GDI32.dll/CreateDCA
DynamicLoader: MSIMG32.dll/AlphaBlend
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PSAPI.DLL/GetProcessImageFileNameA
DynamicLoader: PSAPI.DLL/GetModuleFileNameExA
DynamicLoader: SHELL32.dll/SHAppBarMessage
DynamicLoader: SHELL32.dll/CommandLineToArgvW
DynamicLoader: SHELL32.dll/ShellExecuteA
DynamicLoader: SHELL32.dll/SHGetFolderPathA
DynamicLoader: SHELL32.dll/Shell_NotifyIconA
DynamicLoader: SHELL32.dll/SHGetPathFromIDListA
DynamicLoader: SHELL32.dll/SHGetSpecialFolderLocation
DynamicLoader: SHELL32.dll/SHGetMalloc
DynamicLoader: USER32.dll/GetUpdateRect
DynamicLoader: USER32.dll/UnregisterClassA
DynamicLoader: USER32.dll/CloseWindow
DynamicLoader: USER32.dll/DestroyIcon
DynamicLoader: USER32.dll/GetSysColor
DynamicLoader: USER32.dll/SetRect
DynamicLoader: USER32.dll/GetWindowRgn
DynamicLoader: USER32.dll/CopyRect
DynamicLoader: USER32.dll/IntersectRect
DynamicLoader: USER32.dll/EndPaint
DynamicLoader: USER32.dll/BeginPaint
DynamicLoader: USER32.dll/PostQuitMessage
DynamicLoader: USER32.dll/SetWindowLongA
DynamicLoader: USER32.dll/GetWindowLongA
DynamicLoader: USER32.dll/DrawFocusRect
DynamicLoader: USER32.dll/DrawFrameControl
DynamicLoader: USER32.dll/GetWindowTextA
DynamicLoader: USER32.dll/InflateRect
DynamicLoader: USER32.dll/CreateWindowExA
DynamicLoader: USER32.dll/SetWindowRgn
DynamicLoader: USER32.dll/CallWindowProcA
DynamicLoader: USER32.dll/DrawIconEx
DynamicLoader: USER32.dll/ReleaseDC
DynamicLoader: USER32.dll/GetParent
DynamicLoader: USER32.dll/LoadCursorA
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/SetForegroundWindow
DynamicLoader: USER32.dll/DispatchMessageA
DynamicLoader: USER32.dll/TranslateMessage
DynamicLoader: USER32.dll/GetPropA
DynamicLoader: USER32.dll/GetMessageA
DynamicLoader: USER32.dll/CloseClipboard
DynamicLoader: USER32.dll/GetClipboardData
DynamicLoader: USER32.dll/OpenClipboard
DynamicLoader: USER32.dll/FindWindowA
DynamicLoader: USER32.dll/RegisterClassExA
DynamicLoader: USER32.dll/GetClassInfoExA
DynamicLoader: USER32.dll/EnumChildWindows
DynamicLoader: USER32.dll/SetFocus
DynamicLoader: USER32.dll/SetParent
DynamicLoader: USER32.dll/RegisterWindowMessageA
DynamicLoader: USER32.dll/MessageBoxExA
DynamicLoader: USER32.dll/LoadMenuA
DynamicLoader: USER32.dll/GetSubMenu
DynamicLoader: USER32.dll/DestroyMenu
DynamicLoader: USER32.dll/SetMenuDefaultItem
DynamicLoader: USER32.dll/GetCursorPos
DynamicLoader: USER32.dll/TrackPopupMenu
DynamicLoader: USER32.dll/GetMenuItemID
DynamicLoader: USER32.dll/GetClassNameA
DynamicLoader: USER32.dll/DrawAnimatedRects
DynamicLoader: USER32.dll/RedrawWindow
DynamicLoader: USER32.dll/FillRect
DynamicLoader: USER32.dll/CreateIconIndirect
DynamicLoader: USER32.dll/GetIconInfo
DynamicLoader: USER32.dll/GetDCEx
DynamicLoader: USER32.dll/LoadIconA
DynamicLoader: USER32.dll/GetForegroundWindow
DynamicLoader: USER32.dll/GetClientRect
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: USER32.dll/PostMessageA
DynamicLoader: USER32.dll/SystemParametersInfoA
DynamicLoader: USER32.dll/GetWindowRect
DynamicLoader: USER32.dll/GetDesktopWindow
DynamicLoader: USER32.dll/wsprintfW
DynamicLoader: USER32.dll/SetPropA
DynamicLoader: USER32.dll/SendMessageA
DynamicLoader: USER32.dll/MessageBeep
DynamicLoader: USER32.dll/KillTimer
DynamicLoader: USER32.dll/SetTimer
DynamicLoader: USER32.dll/DestroyWindow
DynamicLoader: USER32.dll/SetActiveWindow
DynamicLoader: USER32.dll/GetActiveWindow
DynamicLoader: USER32.dll/EnableWindow
DynamicLoader: USER32.dll/IsWindow
DynamicLoader: USER32.dll/LoadImageA
DynamicLoader: USER32.dll/ExitWindowsEx
DynamicLoader: USER32.dll/ShowCursor
DynamicLoader: USER32.dll/SetCursor
DynamicLoader: USER32.dll/GetDC
DynamicLoader: USER32.dll/EnumDesktopWindows
DynamicLoader: USER32.dll/OpenInputDesktop
DynamicLoader: USER32.dll/EnumWindows
DynamicLoader: USER32.dll/ChangeDisplaySettingsA
DynamicLoader: USER32.dll/EnumDisplaySettingsA
DynamicLoader: USER32.dll/DrawTextA
DynamicLoader: USER32.dll/wsprintfA
DynamicLoader: USER32.dll/InvalidateRect
DynamicLoader: USER32.dll/SetWindowPos
DynamicLoader: USER32.dll/ShowWindow
DynamicLoader: USER32.dll/UpdateWindow
DynamicLoader: USER32.dll/DefWindowProcA
DynamicLoader: VERSION.dll/VerQueryValueA
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeA
DynamicLoader: VERSION.dll/GetFileVersionInfoA
DynamicLoader: WININET.dll/HttpSendRequestA
DynamicLoader: WININET.dll/HttpOpenRequestA
DynamicLoader: WININET.dll/InternetCloseHandle
DynamicLoader: WININET.dll/InternetOpenA
DynamicLoader: WININET.dll/HttpEndRequestA
DynamicLoader: WININET.dll/InternetQueryDataAvailable
DynamicLoader: WININET.dll/InternetReadFile
DynamicLoader: WININET.dll/InternetConnectA
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/GetNativeSystemInfo
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/RtlNtStatusToDosError
DynamicLoader: ntdll.dll/NtQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/NtTerminateProcess
DynamicLoader: ntdll.dll/NtTerminateThread
DynamicLoader: ntdll.dll/NtGetNextProcess
DynamicLoader: ntdll.dll/NtOpenProcess
DynamicLoader: ntdll.dll/NtClose
DynamicLoader: ntdll.dll/NtDuplicateObject
DynamicLoader: ntdll.dll/RtlGetVersion
DynamicLoader: ntdll.dll/RtlCreateUserThread
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/WSAIoctl
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: IPHLPAPI.DLL/NotifyIpInterfaceChange
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoInitializeEx
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/EventWrite
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoCreateInstance
DynamicLoader: IPHLPAPI.DLL/NotifyUnicastIpAddressChange
DynamicLoader: IPHLPAPI.DLL/GetAdaptersAddresses
DynamicLoader: WS2_32.dll/GetAddrInfoW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: IPHLPAPI.DLL/ConvertInterfaceGuidToLuid
DynamicLoader: IPHLPAPI.DLL/GetIpForwardTable2
DynamicLoader: IPHLPAPI.DLL/GetIpNetEntry2
DynamicLoader: IPHLPAPI.DLL/FreeMibTable
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/StringFromIID
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoUninitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoSetProxyBlanket
DynamicLoader: ole32.dll/ObjectStublessClient10
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegEnumKeyExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualFree
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMDLG32.dll/GetSaveFileNameA
DynamicLoader: GDI32.dll/LineTo
DynamicLoader: MSIMG32.dll/AlphaBlend
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PSAPI.DLL/GetModuleFileNameExA
DynamicLoader: SHELL32.dll/SHGetMalloc
DynamicLoader: USER32.dll/GetDC
DynamicLoader: VERSION.dll/VerQueryValueA
DynamicLoader: WININET.dll/InternetOpenA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/OpenMutexA
DynamicLoader: kernel32.dll/CreateThread
DynamicLoader: kernel32.dll/ResumeThread
DynamicLoader: kernel32.dll/InterlockedDecrement
DynamicLoader: kernel32.dll/VirtualAllocEx
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/DuplicateHandle
DynamicLoader: kernel32.dll/GetModuleFileNameA
DynamicLoader: kernel32.dll/WriteProcessMemory
DynamicLoader: kernel32.dll/OutputDebugStringA
DynamicLoader: kernel32.dll/CreateRemoteThread
DynamicLoader: kernel32.dll/GetTempFileNameA
DynamicLoader: kernel32.dll/FindResourceA
DynamicLoader: kernel32.dll/SizeofResource
DynamicLoader: kernel32.dll/LoadResource
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/SetFilePointer
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/GetCommandLineW
DynamicLoader: kernel32.dll/DeleteFileW
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/InitializeCriticalSection
DynamicLoader: kernel32.dll/GetCurrentProcessId
DynamicLoader: kernel32.dll/GetTempPathA
DynamicLoader: kernel32.dll/DeleteCriticalSection
DynamicLoader: kernel32.dll/lstrlenW
DynamicLoader: kernel32.dll/QueryPerformanceFrequency
DynamicLoader: kernel32.dll/QueryPerformanceCounter
DynamicLoader: kernel32.dll/GetLocaleInfoA
DynamicLoader: kernel32.dll/GlobalMemoryStatus
DynamicLoader: kernel32.dll/GetVersionExA
DynamicLoader: kernel32.dll/GetSystemInfo
DynamicLoader: kernel32.dll/GetComputerNameA
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/FreeLibrary
DynamicLoader: kernel32.dll/EnterCriticalSection
DynamicLoader: kernel32.dll/LeaveCriticalSection
DynamicLoader: kernel32.dll/VirtualFree
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/WideCharToMultiByte
DynamicLoader: kernel32.dll/WaitForSingleObjectEx
DynamicLoader: kernel32.dll/TerminateThread
DynamicLoader: kernel32.dll/QueryDosDeviceA
DynamicLoader: kernel32.dll/IsBadReadPtr
DynamicLoader: kernel32.dll/GetVersion
DynamicLoader: kernel32.dll/SystemTimeToFileTime
DynamicLoader: kernel32.dll/FileTimeToSystemTime
DynamicLoader: kernel32.dll/FileTimeToLocalFileTime
DynamicLoader: kernel32.dll/GetTimeZoneInformation
DynamicLoader: kernel32.dll/MultiByteToWideChar
DynamicLoader: kernel32.dll/GetFileAttributesA
DynamicLoader: kernel32.dll/FormatMessageA
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: kernel32.dll/GlobalAlloc
DynamicLoader: kernel32.dll/GlobalFree
DynamicLoader: kernel32.dll/GlobalLock
DynamicLoader: kernel32.dll/GlobalUnlock
DynamicLoader: kernel32.dll/GlobalReAlloc
DynamicLoader: kernel32.dll/GetProcessHeap
DynamicLoader: kernel32.dll/HeapAlloc
DynamicLoader: kernel32.dll/HeapFree
DynamicLoader: kernel32.dll/GetSystemTimeAsFileTime
DynamicLoader: kernel32.dll/GetEnvironmentStringsW
DynamicLoader: kernel32.dll/FreeEnvironmentStringsW
DynamicLoader: kernel32.dll/GetEnvironmentStrings
DynamicLoader: kernel32.dll/FreeEnvironmentStringsA
DynamicLoader: kernel32.dll/HeapReAlloc
DynamicLoader: kernel32.dll/HeapCreate
DynamicLoader: kernel32.dll/GetFileType
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/SetHandleCount
DynamicLoader: kernel32.dll/LCMapStringW
DynamicLoader: kernel32.dll/LCMapStringA
DynamicLoader: kernel32.dll/IsValidCodePage
DynamicLoader: kernel32.dll/GetOEMCP
DynamicLoader: kernel32.dll/GetACP
DynamicLoader: kernel32.dll/GetCPInfo
DynamicLoader: kernel32.dll/HeapSize
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/SetLastError
DynamicLoader: kernel32.dll/InterlockedIncrement
DynamicLoader: kernel32.dll/TlsFree
DynamicLoader: kernel32.dll/TlsSetValue
DynamicLoader: kernel32.dll/TlsAlloc
DynamicLoader: kernel32.dll/TlsGetValue
DynamicLoader: kernel32.dll/GetModuleHandleW
DynamicLoader: kernel32.dll/RaiseException
DynamicLoader: kernel32.dll/RtlUnwind
DynamicLoader: kernel32.dll/GetStartupInfoA
DynamicLoader: kernel32.dll/GetCommandLineA
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: kernel32.dll/SetUnhandledExceptionFilter
DynamicLoader: kernel32.dll/UnhandledExceptionFilter
DynamicLoader: kernel32.dll/GetSystemDirectoryA
DynamicLoader: kernel32.dll/CreateDirectoryA
DynamicLoader: kernel32.dll/CreateProcessA
DynamicLoader: kernel32.dll/lstrcpynA
DynamicLoader: kernel32.dll/Process32Next
DynamicLoader: kernel32.dll/GetTickCount
DynamicLoader: kernel32.dll/TerminateProcess
DynamicLoader: kernel32.dll/lstrcmpiA
DynamicLoader: kernel32.dll/Process32First
DynamicLoader: kernel32.dll/OpenProcess
DynamicLoader: kernel32.dll/CreateToolhelp32Snapshot
DynamicLoader: kernel32.dll/GetSystemTime
DynamicLoader: kernel32.dll/RemoveDirectoryA
DynamicLoader: kernel32.dll/SetFileAttributesA
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: kernel32.dll/FindClose
DynamicLoader: kernel32.dll/FindNextFileA
DynamicLoader: kernel32.dll/FindFirstFileA
DynamicLoader: kernel32.dll/DeleteFileA
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/CreateMutexA
DynamicLoader: kernel32.dll/Sleep
DynamicLoader: kernel32.dll/SetProcessAffinityMask
DynamicLoader: kernel32.dll/GetProcessAffinityMask
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/UnmapViewOfFile
DynamicLoader: kernel32.dll/lstrcatA
DynamicLoader: kernel32.dll/lstrcmpA
DynamicLoader: kernel32.dll/MapViewOfFileEx
DynamicLoader: kernel32.dll/CreateFileMappingA
DynamicLoader: kernel32.dll/GetFileSize
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: kernel32.dll/lstrcpyA
DynamicLoader: kernel32.dll/lstrlenA
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/GetStringTypeA
DynamicLoader: kernel32.dll/GetStringTypeW
DynamicLoader: kernel32.dll/SetStdHandle
DynamicLoader: kernel32.dll/GetConsoleCP
DynamicLoader: kernel32.dll/GetConsoleMode
DynamicLoader: kernel32.dll/FlushFileBuffers
DynamicLoader: kernel32.dll/SetEndOfFile
DynamicLoader: kernel32.dll/WriteConsoleA
DynamicLoader: kernel32.dll/GetConsoleOutputCP
DynamicLoader: kernel32.dll/WriteConsoleW
DynamicLoader: kernel32.dll/SetCurrentDirectoryA
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueA
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegSetValueExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegCreateKeyExA
DynamicLoader: ADVAPI32.dll/RegDeleteValueA
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/EqualSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: COMCTL32.dll/_TrackMouseEvent
DynamicLoader: COMCTL32.dll/InitCommonControlsEx
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/ImageList_Create
DynamicLoader: COMCTL32.dll/ImageList_ReplaceIcon
DynamicLoader: COMCTL32.dll/ImageList_Destroy
DynamicLoader: COMDLG32.dll/GetSaveFileNameA
DynamicLoader: GDI32.dll/LineTo
DynamicLoader: GDI32.dll/SetBkColor
DynamicLoader: GDI32.dll/GetTextMetricsA
DynamicLoader: GDI32.dll/CreateRectRgn
DynamicLoader: GDI32.dll/CombineRgn
DynamicLoader: GDI32.dll/StretchBlt
DynamicLoader: GDI32.dll/AngleArc
DynamicLoader: GDI32.dll/RoundRect
DynamicLoader: GDI32.dll/GetDIBits
DynamicLoader: GDI32.dll/ExtCreateRegion
DynamicLoader: GDI32.dll/MoveToEx
DynamicLoader: GDI32.dll/GetTextColor
DynamicLoader: GDI32.dll/GetStockObject
DynamicLoader: GDI32.dll/CreateFontIndirectA
DynamicLoader: GDI32.dll/GetCurrentPositionEx
DynamicLoader: GDI32.dll/SaveDC
DynamicLoader: GDI32.dll/GetTextExtentPoint32A
DynamicLoader: GDI32.dll/RestoreDC
DynamicLoader: GDI32.dll/SetDIBits
DynamicLoader: GDI32.dll/CreateDIBitmap
DynamicLoader: GDI32.dll/CreateCompatibleBitmap
DynamicLoader: GDI32.dll/GetDeviceCaps
DynamicLoader: GDI32.dll/GetObjectA
DynamicLoader: GDI32.dll/DeleteDC
DynamicLoader: GDI32.dll/Rectangle
DynamicLoader: GDI32.dll/DeleteObject
DynamicLoader: GDI32.dll/GetTextExtentPointA
DynamicLoader: GDI32.dll/CreateFontA
DynamicLoader: GDI32.dll/SetTextColor
DynamicLoader: GDI32.dll/SetBkMode
DynamicLoader: GDI32.dll/BitBlt
DynamicLoader: GDI32.dll/CreateSolidBrush
DynamicLoader: GDI32.dll/CreatePen
DynamicLoader: GDI32.dll/SelectObject
DynamicLoader: GDI32.dll/CreateDIBSection
DynamicLoader: GDI32.dll/CreateCompatibleDC
DynamicLoader: GDI32.dll/CreateBitmap
DynamicLoader: GDI32.dll/CreateDCA
DynamicLoader: MSIMG32.dll/AlphaBlend
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PSAPI.DLL/GetProcessImageFileNameA
DynamicLoader: PSAPI.DLL/GetModuleFileNameExA
DynamicLoader: SHELL32.dll/SHAppBarMessage
DynamicLoader: SHELL32.dll/CommandLineToArgvW
DynamicLoader: SHELL32.dll/ShellExecuteA
DynamicLoader: SHELL32.dll/SHGetFolderPathA
DynamicLoader: SHELL32.dll/Shell_NotifyIconA
DynamicLoader: SHELL32.dll/SHGetPathFromIDListA
DynamicLoader: SHELL32.dll/SHGetSpecialFolderLocation
DynamicLoader: SHELL32.dll/SHGetMalloc
DynamicLoader: USER32.dll/GetUpdateRect
DynamicLoader: USER32.dll/UnregisterClassA
DynamicLoader: USER32.dll/CloseWindow
DynamicLoader: USER32.dll/DestroyIcon
DynamicLoader: USER32.dll/GetSysColor
DynamicLoader: USER32.dll/SetRect
DynamicLoader: USER32.dll/GetWindowRgn
DynamicLoader: USER32.dll/CopyRect
DynamicLoader: USER32.dll/IntersectRect
DynamicLoader: USER32.dll/EndPaint
DynamicLoader: USER32.dll/BeginPaint
DynamicLoader: USER32.dll/PostQuitMessage
DynamicLoader: USER32.dll/SetWindowLongA
DynamicLoader: USER32.dll/GetWindowLongA
DynamicLoader: USER32.dll/DrawFocusRect
DynamicLoader: USER32.dll/DrawFrameControl
DynamicLoader: USER32.dll/GetWindowTextA
DynamicLoader: USER32.dll/InflateRect
DynamicLoader: USER32.dll/CreateWindowExA
DynamicLoader: USER32.dll/SetWindowRgn
DynamicLoader: USER32.dll/CallWindowProcA
DynamicLoader: USER32.dll/DrawIconEx
DynamicLoader: USER32.dll/ReleaseDC
DynamicLoader: USER32.dll/GetParent
DynamicLoader: USER32.dll/LoadCursorA
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/SetForegroundWindow
DynamicLoader: USER32.dll/DispatchMessageA
DynamicLoader: USER32.dll/TranslateMessage
DynamicLoader: USER32.dll/GetPropA
DynamicLoader: USER32.dll/GetMessageA
DynamicLoader: USER32.dll/CloseClipboard
DynamicLoader: USER32.dll/GetClipboardData
DynamicLoader: USER32.dll/OpenClipboard
DynamicLoader: USER32.dll/FindWindowA
DynamicLoader: USER32.dll/RegisterClassExA
DynamicLoader: USER32.dll/GetClassInfoExA
DynamicLoader: USER32.dll/EnumChildWindows
DynamicLoader: USER32.dll/SetFocus
DynamicLoader: USER32.dll/SetParent
DynamicLoader: USER32.dll/RegisterWindowMessageA
DynamicLoader: USER32.dll/MessageBoxExA
DynamicLoader: USER32.dll/LoadMenuA
DynamicLoader: USER32.dll/GetSubMenu
DynamicLoader: USER32.dll/DestroyMenu
DynamicLoader: USER32.dll/SetMenuDefaultItem
DynamicLoader: USER32.dll/GetCursorPos
DynamicLoader: USER32.dll/TrackPopupMenu
DynamicLoader: USER32.dll/GetMenuItemID
DynamicLoader: USER32.dll/GetClassNameA
DynamicLoader: USER32.dll/DrawAnimatedRects
DynamicLoader: USER32.dll/RedrawWindow
DynamicLoader: USER32.dll/FillRect
DynamicLoader: USER32.dll/CreateIconIndirect
DynamicLoader: USER32.dll/GetIconInfo
DynamicLoader: USER32.dll/GetDCEx
DynamicLoader: USER32.dll/LoadIconA
DynamicLoader: USER32.dll/GetForegroundWindow
DynamicLoader: USER32.dll/GetClientRect
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: USER32.dll/PostMessageA
DynamicLoader: USER32.dll/SystemParametersInfoA
DynamicLoader: USER32.dll/GetWindowRect
DynamicLoader: USER32.dll/GetDesktopWindow
DynamicLoader: USER32.dll/wsprintfW
DynamicLoader: USER32.dll/SetPropA
DynamicLoader: USER32.dll/SendMessageA
DynamicLoader: USER32.dll/MessageBeep
DynamicLoader: USER32.dll/KillTimer
DynamicLoader: USER32.dll/SetTimer
DynamicLoader: USER32.dll/DestroyWindow
DynamicLoader: USER32.dll/SetActiveWindow
DynamicLoader: USER32.dll/GetActiveWindow
DynamicLoader: USER32.dll/EnableWindow
DynamicLoader: USER32.dll/IsWindow
DynamicLoader: USER32.dll/LoadImageA
DynamicLoader: USER32.dll/ExitWindowsEx
DynamicLoader: USER32.dll/ShowCursor
DynamicLoader: USER32.dll/SetCursor
DynamicLoader: USER32.dll/GetDC
DynamicLoader: USER32.dll/EnumDesktopWindows
DynamicLoader: USER32.dll/OpenInputDesktop
DynamicLoader: USER32.dll/EnumWindows
DynamicLoader: USER32.dll/ChangeDisplaySettingsA
DynamicLoader: USER32.dll/EnumDisplaySettingsA
DynamicLoader: USER32.dll/DrawTextA
DynamicLoader: USER32.dll/wsprintfA
DynamicLoader: USER32.dll/InvalidateRect
DynamicLoader: USER32.dll/SetWindowPos
DynamicLoader: USER32.dll/ShowWindow
DynamicLoader: USER32.dll/UpdateWindow
DynamicLoader: USER32.dll/DefWindowProcA
DynamicLoader: VERSION.dll/VerQueryValueA
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeA
DynamicLoader: VERSION.dll/GetFileVersionInfoA
DynamicLoader: WININET.dll/HttpSendRequestA
DynamicLoader: WININET.dll/HttpOpenRequestA
DynamicLoader: WININET.dll/InternetCloseHandle
DynamicLoader: WININET.dll/InternetOpenA
DynamicLoader: WININET.dll/HttpEndRequestA
DynamicLoader: WININET.dll/InternetQueryDataAvailable
DynamicLoader: WININET.dll/InternetReadFile
DynamicLoader: WININET.dll/InternetConnectA
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/GetNativeSystemInfo
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/RtlNtStatusToDosError
DynamicLoader: ntdll.dll/NtQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/NtTerminateProcess
DynamicLoader: ntdll.dll/NtTerminateThread
DynamicLoader: ntdll.dll/NtGetNextProcess
DynamicLoader: ntdll.dll/NtOpenProcess
DynamicLoader: ntdll.dll/NtClose
DynamicLoader: ntdll.dll/NtDuplicateObject
DynamicLoader: ntdll.dll/RtlGetVersion
DynamicLoader: ntdll.dll/RtlCreateUserThread
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/WSAIoctl
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: IPHLPAPI.DLL/NotifyIpInterfaceChange
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoInitializeEx
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/EventWrite
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoCreateInstance
DynamicLoader: IPHLPAPI.DLL/GetAdaptersAddresses
DynamicLoader: WS2_32.dll/GetAddrInfoW
DynamicLoader: IPHLPAPI.DLL/NotifyUnicastIpAddressChange
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: IPHLPAPI.DLL/ConvertInterfaceGuidToLuid
DynamicLoader: IPHLPAPI.DLL/GetIpForwardTable2
DynamicLoader: IPHLPAPI.DLL/GetIpNetEntry2
DynamicLoader: IPHLPAPI.DLL/FreeMibTable
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/StringFromIID
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoUninitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoSetProxyBlanket
DynamicLoader: ole32.dll/ObjectStublessClient10
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegEnumKeyExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: api-ms-win-downlevel-shlwapi-l2-1-0.dll/IUnknown_QueryService
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoInitializeEx
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoUninitialize
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: SHELL32.dll/
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoWaitForMultipleHandles
DynamicLoader: urlmon.dll/RevokeBindStatusCallback
DynamicLoader: OLEAUT32.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: urlmon.dll/ShouldShowIntranetWarningSecband
DynamicLoader: ieframe.dll/
DynamicLoader: USER32.dll/RegisterTouchHitTestingWindow
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: d2d1.dll/
DynamicLoader: DWrite.dll/DWriteCreateFactory
DynamicLoader: dxgi.dll/CreateDXGIFactory1
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromGdiDisplayName
DynamicLoader: GDI32.dll/D3DKMTCloseAdapter
DynamicLoader: GDI32.dll/D3DKMTQueryAdapterInfo
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromDeviceName
DynamicLoader: setupapi.dll/SetupDiGetClassDevsW
DynamicLoader: setupapi.dll/SetupDiEnumDeviceInterfaces
DynamicLoader: setupapi.dll/SetupDiGetDeviceInterfaceDetailW
DynamicLoader: setupapi.dll/SetupDiDestroyDeviceInfoList
DynamicLoader: setupapi.dll/SetupDiGetDevicePropertyW
DynamicLoader: WINTRUST.dll/WinVerifyTrust
DynamicLoader: setupapi.dll/SetupDiGetClassDevsW
DynamicLoader: setupapi.dll/SetupDiEnumDeviceInterfaces
DynamicLoader: setupapi.dll/SetupDiGetDeviceInterfaceDetailW
DynamicLoader: setupapi.dll/SetupDiDestroyDeviceInfoList
DynamicLoader: setupapi.dll/SetupDiGetDevicePropertyW
DynamicLoader: WINTRUST.dll/WinVerifyTrust
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromGdiDisplayName
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromDeviceName
DynamicLoader: GDI32.dll/D3DKMTCloseAdapter
DynamicLoader: GDI32.dll/D3DKMTQueryAdapterInfo
DynamicLoader: d3d11.dll/D3D11CreateDevice
DynamicLoader: dxgi.dll/CompatValue
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromGdiDisplayName
DynamicLoader: GDI32.dll/D3DKMTCloseAdapter
DynamicLoader: GDI32.dll/D3DKMTQueryAdapterInfo
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromDeviceName
DynamicLoader: setupapi.dll/SetupDiGetClassDevsW
DynamicLoader: setupapi.dll/SetupDiEnumDeviceInterfaces
DynamicLoader: setupapi.dll/SetupDiGetDeviceInterfaceDetailW
DynamicLoader: setupapi.dll/SetupDiDestroyDeviceInfoList
DynamicLoader: setupapi.dll/SetupDiGetDevicePropertyW
DynamicLoader: WINTRUST.dll/WinVerifyTrust
DynamicLoader: setupapi.dll/SetupDiGetClassDevsW
DynamicLoader: setupapi.dll/SetupDiEnumDeviceInterfaces
DynamicLoader: setupapi.dll/SetupDiGetDeviceInterfaceDetailW
DynamicLoader: setupapi.dll/SetupDiDestroyDeviceInfoList
DynamicLoader: setupapi.dll/SetupDiGetDevicePropertyW
DynamicLoader: WINTRUST.dll/WinVerifyTrust
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromGdiDisplayName
DynamicLoader: GDI32.dll/D3DKMTOpenAdapterFromDeviceName
DynamicLoader: GDI32.dll/D3DKMTCloseAdapter
DynamicLoader: GDI32.dll/D3DKMTQueryAdapterInfo
DynamicLoader: D3D10Warp.dll/D3DKMTGetThunkVersion
DynamicLoader: D3D10Warp.dll/D3DKMTOpenAdapterFromGdiDisplayName
DynamicLoader: D3D10Warp.dll/D3DKMTOpenAdapterFromDeviceName
DynamicLoader: D3D10Warp.dll/D3DKMTGetDisplayModeList
DynamicLoader: D3D10Warp.dll/D3DKMTSetVidPnSourceOwner
DynamicLoader: D3D10Warp.dll/D3DKMTSetDisplayMode
DynamicLoader: D3D10Warp.dll/D3DKMTCloseAdapter
DynamicLoader: D3D10Warp.dll/D3DKMTSetGammaRamp
DynamicLoader: D3D10Warp.dll/D3DKMTGetDeviceState
DynamicLoader: D3D10Warp.dll/D3DKMTQueryAdapterInfo
DynamicLoader: D3D10Warp.dll/D3DKMTWaitForVerticalBlankEvent
DynamicLoader: GDI32.dll/D3DKMTCreateDCFromMemory
DynamicLoader: GDI32.dll/D3DKMTDestroyDCFromMemory
DynamicLoader: GDI32.dll/D3DKMTCheckVidPnExclusiveOwnership
DynamicLoader: GDI32.dll/D3DKMTCheckMonitorPowerState
DynamicLoader: GDI32.dll/D3DKMTCheckSharedResourceAccess
DynamicLoader: D3D10Warp.dll/D3DKMTSetQueuedLimit
DynamicLoader: D3D10Warp.dll/D3DKMTGetMultisampleMethodList
DynamicLoader: D3D10Warp.dll/D3DKMTQueryAdapterInfo
DynamicLoader: D3D10Warp.dll/D3DKMTSetDisplayPrivateDriverFormat
DynamicLoader: D3D10Warp.dll/D3DKMTDestroySynchronizationObject
DynamicLoader: D3D10Warp.dll/D3DKMTCreateSynchronizationObject
DynamicLoader: D3D10Warp.dll/D3DKMTDestroyContext
DynamicLoader: D3D10Warp.dll/D3DKMTCreateContext
DynamicLoader: D3D10Warp.dll/D3DKMTGetContextSchedulingPriority
DynamicLoader: D3D10Warp.dll/D3DKMTSetContextSchedulingPriority
DynamicLoader: D3D10Warp.dll/D3DKMTPresent
DynamicLoader: D3D10Warp.dll/D3DKMTDestroyDevice
DynamicLoader: D3D10Warp.dll/D3DKMTCreateDevice
DynamicLoader: D3D10Warp.dll/D3DKMTQueryAllocationResidency
DynamicLoader: D3D10Warp.dll/D3DKMTSetAllocationPriority
DynamicLoader: D3D10Warp.dll/D3DKMTDestroyAllocation
DynamicLoader: D3D10Warp.dll/D3DKMTOpenResource
DynamicLoader: D3D10Warp.dll/D3DKMTQueryResourceInfo
DynamicLoader: D3D10Warp.dll/D3DKMTCreateAllocation
DynamicLoader: D3D10Warp.dll/D3DKMTGetDeviceState
DynamicLoader: D3D10Warp.dll/D3DKMTSetDisplayMode
DynamicLoader: D3D10Warp.dll/D3DKMTSignalSynchronizationObject
DynamicLoader: D3D10Warp.dll/D3DKMTWaitForSynchronizationObject
DynamicLoader: D3D10Warp.dll/D3DKMTEscape
DynamicLoader: D3D10Warp.dll/D3DKMTUnlock
DynamicLoader: D3D10Warp.dll/D3DKMTLock
DynamicLoader: D3D10Warp.dll/D3DKMTRender
DynamicLoader: D3D10Warp.dll/OpenAdapter10_2
DynamicLoader: D3D10Warp.dll/
DynamicLoader: D3D10Warp.dll/
DynamicLoader: D3D10Warp.dll/
DynamicLoader: D3D10Warp.dll/
DynamicLoader: D3D10Warp.dll/
DynamicLoader: D3D10Warp.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: msls31.dll/
DynamicLoader: msls31.dll/
DynamicLoader: Secur32.dll/GetUserNameExW
DynamicLoader: MLANG.dll/
DynamicLoader: PROPSYS.dll/PSCreateMemoryPropertyStore
DynamicLoader: WININET.dll/GetUrlCacheEntryBinaryBlob
DynamicLoader: ole32.dll/RegisterDragDrop
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PROPSYS.dll/VariantToStringWithDefault
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoExW
DynamicLoader: urlmon.dll/
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
Performs HTTP requests potentially not found in PCAP.
url: 89.187.53.223:80//lurl.php?affid=21700
url: 89.187.53.223:80//lurl.php?affid=21700
url: 89.187.53.223:80//lurl.php?affid=21700
url: 89.187.53.223:80//install.php?affid=21700
Reads data out of its own binary image
self_read: process: data.exe, pid: 2616, offset: 0x00000000, length: 0x00003000
self_read: process: data.exe, pid: 2616, offset: 0x00002e00, length: 0x0004ac00
self_read: process: data.exe, pid: 2616, offset: 0x00003000, length: 0x0002ae00
self_read: process: nMpEgLh21700.exe, pid: 3180, offset: 0x00002e00, length: 0x0004ac00
CAPE extracted potentially suspicious content
nMpEgLh21700.exe: Extracted Shellcode
Drops a binary and executes it
binary: C:\ProgramData\nMpEgLh21700\nMpEgLh21700.exe
binary: C:\ProgramData\nMpEgLh21700\nMpEgLh21700.exe
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
Authenticode signature is invalid
authenticode error: No signature found. SignTool Error File not valid C\Users\Louise\AppData\Local\Temp\data.exe
Installs itself for autorun at Windows startup
key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\nMpEgLh21700
data: C:\ProgramData\nMpEgLh21700\nMpEgLh21700.exe
File has been identified by 63 Antiviruses on VirusTotal as malicious
Bkav: W32.OngameMKH.Trojan
MicroWorld-eScan: Gen:Trojan.Heur.KS.2
FireEye: Generic.mg.8626242719c85dfb
CAT-QuickHeal: FraudTool.Security
McAfee: Generic FakeAV.ama
Cylance: Unsafe
Zillya: Trojan.FakeAV.Win32.57144
SUPERAntiSpyware: Trojan.Agent/Gen-FakeAlert
K7AntiVirus: Trojan ( 002155461 )
Alibaba: Trojan:Win32/FakeAV.b6ac5781
K7GW: Trojan ( 002155461 )
Cybereason: malicious.719c85
Arcabit: Trojan.Heur.KS.2
Invincea: heuristic
BitDefenderTheta: AI:Packer.A20BC7AF14
F-Prot: W32/SuspPack.DA.gen!Eldorado
Symantec: Trojan Horse
TotalDefense: Win32/FakeAV!generic
TrendMicro-HouseCall: WORM_KELIHOS.SM
Paloalto: generic.ml
ClamAV: Win.Trojan.FakeAV-168
Kaspersky: Trojan.Win32.FakeAV.asbq
BitDefender: Gen:Trojan.Heur.KS.2
NANO-Antivirus: Trojan.Win32.FakeAV.bwfnp
ViRobot: Trojan.Win32.FakeAV.317952
Avast: Win32:FakeAlert-AAZ [Trj]
Ad-Aware: Gen:Trojan.Heur.KS.2
Sophos: Mal/FakeAV-IH
F-Secure: Trojan.TR/Crypt.XPACK.Gen
DrWeb: Trojan.Packed.21552
VIPRE: VirTool.Win32.Obfuscator.da!j (v)
TrendMicro: WORM_KELIHOS.SM
McAfee-GW-Edition: BehavesLike.Win32.FakeAlert.fc
SentinelOne: DFI - Malicious PE
Trapmine: suspicious.low.ml.score
CMC: Trojan.Win32.FakeAV!O
Emsisoft: Gen:Trojan.Heur.KS.2 (B)
APEX: Malicious
Cyren: W32/SuspPack.DA.gen!Eldorado
Jiangmin: Trojan/Fakeav.jss
Webroot: W32.Malware.Gen
Avira: TR/Crypt.XPACK.Gen
Fortinet: W32/Krypt.N!tr.dldr
Endgame: malicious (high confidence)
Microsoft: Rogue:Win32/Winwebsec
AegisLab: Trojan.Win32.FakeAV.4!c
ZoneAlarm: Trojan.Win32.FakeAV.asbq
TACHYON: Trojan/W32.Agent.317952.BH
AhnLab-V3: Trojan/Win32.FakeAV.R829
Acronis: suspicious
VBA32: Trojan.MTA.01004
MAX: malware (ai score=94)
Malwarebytes: Trojan.FakeAlert
ESET-NOD32: Win32/Adware.SystemSecurity.AD
Rising: Malware.Undefined!8.C (TFE:5:VEuKYa4ZGYF)
Yandex: Trojan.Waledac.Gen!Pac.11
Ikarus: Trojan.Win32.FakeAV
GData: Gen:Trojan.Heur.KS.2
AVG: Win32:FakeAlert-AAZ [Trj]
Panda: Trj/Agent.FX
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Trojan.Downloader.Win32.Waledac.A
Attempts to modify proxy settings
Creates a copy of itself
copy: C:\ProgramData\nMpEgLh21700\nMpEgLh21700.exe

Screenshots


Hosts

Direct IP Country Name
Y 89.187.53.223 [VT] Moldova, Republic of
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

DNS

No domains contacted.


Summary

C:\Windows\System32\pautoenr.dll
C:\Users\Louise\AppData\Local\Temp\data.exe
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Louise\AppData\Local\Temp\data
C:\ProgramData\*
C:\ProgramData\nMpEgLh21700\
C:\ProgramData\nMpEgLh21700\nMpEgLh21700.exe
C:\Users\Louise\AppData\Local\Temp
\Device\KsecDD
C:\Users\Louise\AppData\Local\Temp\aB6B8.tmp
C:\ProgramData\nMpEgLh21700\nMpEgLh21700
C:\ProgramData\nMpEgLh21700\*.exe
C:\Windows\System32\tzres.dll
C:\ProgramData\nMpEgLh21700\DXGIDebug.dll
C:\Windows\System32\D3D10Warp.dll
C:\Users\Louise\AppData\Local\Temp\data.exe
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Louise\AppData\Local\Temp\data
C:\ProgramData\nMpEgLh21700\nMpEgLh21700.exe
\Device\KsecDD
C:\Users\Louise\AppData\Local\Temp\aB6B8.tmp
C:\ProgramData\nMpEgLh21700\nMpEgLh21700
C:\Windows\System32\tzres.dll
C:\Users\Louise\AppData\Local\Temp\data
C:\ProgramData\nMpEgLh21700\nMpEgLh21700.exe
C:\Users\Louise\AppData\Local\Temp\aB6B8.tmp
C:\ProgramData\nMpEgLh21700\nMpEgLh21700
C:\Users\Louise\AppData\Local\Temp\data
C:\Users\Louise\AppData\Local\Temp\data.exe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\LdapClientIntegrity
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\UseOldHostResolutionOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\UseHostnameAsAlias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\IPv4LoopbackAlternative
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_CURRENT_USER\Software\Classes\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDhcp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDns
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDhcp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDns
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\52-54-00-6f-d4-05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadNetworkName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\nMpEgLh21700.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\NavigationDelay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\nMpEgLh21700
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\nMpEgLh21700.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1400
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\OperationalData
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ClientCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Direct3D
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D\Drivers
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Size
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Name
HKEY_LOCAL_MACHINE\Software\Microsoft\Direct3D\DX6TextureEnumInclusionList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Size
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Name
HKEY_CURRENT_USER\Software\Microsoft\DXGI
HKEY_LOCAL_MACHINE\Software\Microsoft\DXGI
HKEY_CURRENT_USER\Software\Classes\AppID\nMpEgLh21700.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\EUDC\1252
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IEDDE_REGISTER_URLECHO
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IEDDE_REGISTER_URLECHO
HKEY_CURRENT_USER\Software\Microsoft\Ftp
HKEY_CURRENT_USER\Software\Microsoft\FTP\Use Web Based FTP
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\PrefetchPrerender
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PrefetchPrerender
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PrefetchPrerender
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PrefetchPrerender\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\LdapClientIntegrity
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\UseOldHostResolutionOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\UseHostnameAsAlias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\IPv4LoopbackAlternative
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDhcp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDns
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDhcp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDns
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDetectedUrl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\NavigationDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\nMpEgLh21700.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1400
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IESansSerifFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEUIFontName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\OperationalData
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ClientCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Size
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\Drivers\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Size
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\DX6TextureEnumInclusionList\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep
HKEY_CURRENT_USER\Software\Microsoft\FTP\Use Web Based FTP
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PrefetchPrerender\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadNetworkName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\nMpEgLh21700
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDetectedUrl
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.VirtualProtect
kernel32.dll.VirtualAlloc
kernel32.dll.VirtualFree
kernel32.dll.ExitProcess
advapi32.dll.FreeSid
comctl32.dll.#17
comdlg32.dll.GetSaveFileNameA
gdi32.dll.LineTo
msimg32.dll.AlphaBlend
ole32.dll.OleInitialize
oleaut32.dll.#6
psapi.dll.GetModuleFileNameExA
shell32.dll.SHGetMalloc
user32.dll.GetDC
version.dll.VerQueryValueA
wininet.dll.InternetOpenA
kernel32.dll.OpenMutexA
kernel32.dll.CreateThread
kernel32.dll.ResumeThread
kernel32.dll.InterlockedDecrement
kernel32.dll.VirtualAllocEx
kernel32.dll.GetModuleHandleA
kernel32.dll.DuplicateHandle
kernel32.dll.GetModuleFileNameA
kernel32.dll.WriteProcessMemory
kernel32.dll.OutputDebugStringA
kernel32.dll.CreateRemoteThread
kernel32.dll.GetTempFileNameA
kernel32.dll.FindResourceA
kernel32.dll.SizeofResource
kernel32.dll.LoadResource
kernel32.dll.ReadFile
kernel32.dll.SetFilePointer
kernel32.dll.WriteFile
kernel32.dll.GetCommandLineW
kernel32.dll.DeleteFileW
kernel32.dll.LocalFree
kernel32.dll.InitializeCriticalSection
kernel32.dll.GetCurrentProcessId
kernel32.dll.GetTempPathA
kernel32.dll.DeleteCriticalSection
kernel32.dll.lstrlenW
kernel32.dll.QueryPerformanceFrequency
kernel32.dll.QueryPerformanceCounter
kernel32.dll.GetLocaleInfoA
kernel32.dll.GlobalMemoryStatus
kernel32.dll.GetVersionExA
kernel32.dll.GetSystemInfo
kernel32.dll.GetComputerNameA
kernel32.dll.FreeLibrary
kernel32.dll.EnterCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.WideCharToMultiByte
kernel32.dll.WaitForSingleObjectEx
kernel32.dll.TerminateThread
kernel32.dll.QueryDosDeviceA
kernel32.dll.IsBadReadPtr
kernel32.dll.GetVersion
kernel32.dll.SystemTimeToFileTime
kernel32.dll.FileTimeToSystemTime
kernel32.dll.FileTimeToLocalFileTime
kernel32.dll.GetTimeZoneInformation
kernel32.dll.MultiByteToWideChar
kernel32.dll.GetFileAttributesA
kernel32.dll.FormatMessageA
kernel32.dll.LocalAlloc
kernel32.dll.GlobalAlloc
kernel32.dll.GlobalFree
kernel32.dll.GlobalLock
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalReAlloc
kernel32.dll.GetProcessHeap
kernel32.dll.HeapAlloc
kernel32.dll.HeapFree
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetEnvironmentStrings
kernel32.dll.FreeEnvironmentStringsA
kernel32.dll.HeapReAlloc
kernel32.dll.HeapCreate
kernel32.dll.GetFileType
kernel32.dll.GetStdHandle
kernel32.dll.SetHandleCount
kernel32.dll.LCMapStringW
kernel32.dll.LCMapStringA
kernel32.dll.IsValidCodePage
kernel32.dll.GetOEMCP
kernel32.dll.GetACP
kernel32.dll.GetCPInfo
kernel32.dll.HeapSize
kernel32.dll.GetCurrentThreadId
kernel32.dll.SetLastError
kernel32.dll.InterlockedIncrement
kernel32.dll.TlsFree
kernel32.dll.TlsSetValue
kernel32.dll.TlsAlloc
kernel32.dll.TlsGetValue
kernel32.dll.GetModuleHandleW
kernel32.dll.RaiseException
kernel32.dll.RtlUnwind
kernel32.dll.GetStartupInfoA
kernel32.dll.GetCommandLineA
kernel32.dll.IsDebuggerPresent
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.GetSystemDirectoryA
kernel32.dll.CreateDirectoryA
kernel32.dll.CreateProcessA
kernel32.dll.lstrcpynA
kernel32.dll.Process32Next
kernel32.dll.GetTickCount
kernel32.dll.TerminateProcess
kernel32.dll.lstrcmpiA
kernel32.dll.Process32First
kernel32.dll.OpenProcess
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.GetSystemTime
kernel32.dll.RemoveDirectoryA
kernel32.dll.SetFileAttributesA
kernel32.dll.VirtualQuery
kernel32.dll.FindClose
kernel32.dll.FindNextFileA
kernel32.dll.FindFirstFileA
kernel32.dll.DeleteFileA
kernel32.dll.GetLastError
kernel32.dll.CreateMutexA
kernel32.dll.Sleep
kernel32.dll.SetProcessAffinityMask
kernel32.dll.GetProcessAffinityMask
kernel32.dll.GetCurrentProcess
kernel32.dll.CloseHandle
kernel32.dll.UnmapViewOfFile
kernel32.dll.lstrcatA
kernel32.dll.lstrcmpA
kernel32.dll.MapViewOfFileEx
kernel32.dll.CreateFileMappingA
kernel32.dll.GetFileSize
kernel32.dll.CreateFileA
kernel32.dll.lstrcpyA
kernel32.dll.lstrlenA
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.GetStringTypeA
kernel32.dll.GetStringTypeW
kernel32.dll.SetStdHandle
kernel32.dll.GetConsoleCP
kernel32.dll.GetConsoleMode
kernel32.dll.FlushFileBuffers
kernel32.dll.SetEndOfFile
kernel32.dll.WriteConsoleA
kernel32.dll.GetConsoleOutputCP
kernel32.dll.WriteConsoleW
kernel32.dll.SetCurrentDirectoryA
advapi32.dll.LookupPrivilegeValueA
advapi32.dll.AdjustTokenPrivileges
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegSetValueExA
advapi32.dll.RegCloseKey
advapi32.dll.RegCreateKeyExA
advapi32.dll.RegDeleteValueA
advapi32.dll.EqualSid
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.GetTokenInformation
advapi32.dll.OpenProcessToken
comctl32.dll._TrackMouseEvent
comctl32.dll.InitCommonControlsEx
comctl32.dll.ImageList_Create
comctl32.dll.ImageList_ReplaceIcon
comctl32.dll.ImageList_Destroy
gdi32.dll.SetBkColor
gdi32.dll.GetTextMetricsA
gdi32.dll.CreateRectRgn
gdi32.dll.CombineRgn
gdi32.dll.StretchBlt
gdi32.dll.AngleArc
gdi32.dll.RoundRect
gdi32.dll.GetDIBits
gdi32.dll.ExtCreateRegion
gdi32.dll.MoveToEx
gdi32.dll.GetTextColor
gdi32.dll.GetStockObject
gdi32.dll.CreateFontIndirectA
gdi32.dll.GetCurrentPositionEx
gdi32.dll.SaveDC
gdi32.dll.GetTextExtentPoint32A
gdi32.dll.RestoreDC
gdi32.dll.SetDIBits
gdi32.dll.CreateDIBitmap
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.GetDeviceCaps
gdi32.dll.GetObjectA
gdi32.dll.DeleteDC
gdi32.dll.Rectangle
gdi32.dll.DeleteObject
gdi32.dll.GetTextExtentPointA
gdi32.dll.CreateFontA
gdi32.dll.SetTextColor
gdi32.dll.SetBkMode
gdi32.dll.BitBlt
gdi32.dll.CreateSolidBrush
gdi32.dll.CreatePen
gdi32.dll.SelectObject
gdi32.dll.CreateDIBSection
gdi32.dll.CreateCompatibleDC
gdi32.dll.CreateBitmap
gdi32.dll.CreateDCA
ole32.dll.CoCreateInstance
oleaut32.dll.#9
oleaut32.dll.#2
psapi.dll.GetProcessImageFileNameA
shell32.dll.SHAppBarMessage
shell32.dll.CommandLineToArgvW
shell32.dll.ShellExecuteA
shell32.dll.SHGetFolderPathA
shell32.dll.Shell_NotifyIconA
shell32.dll.SHGetPathFromIDListA
shell32.dll.SHGetSpecialFolderLocation
user32.dll.GetUpdateRect
user32.dll.UnregisterClassA
user32.dll.CloseWindow
user32.dll.DestroyIcon
user32.dll.GetSysColor
user32.dll.SetRect
user32.dll.GetWindowRgn
user32.dll.CopyRect
user32.dll.IntersectRect
user32.dll.EndPaint
user32.dll.BeginPaint
user32.dll.PostQuitMessage
user32.dll.SetWindowLongA
user32.dll.GetWindowLongA
user32.dll.DrawFocusRect
user32.dll.DrawFrameControl
user32.dll.GetWindowTextA
user32.dll.InflateRect
user32.dll.CreateWindowExA
user32.dll.SetWindowRgn
user32.dll.CallWindowProcA
user32.dll.DrawIconEx
user32.dll.ReleaseDC
user32.dll.GetParent
user32.dll.LoadCursorA
user32.dll.GetSystemMetrics
user32.dll.SetForegroundWindow
user32.dll.DispatchMessageA
user32.dll.TranslateMessage
user32.dll.GetPropA
user32.dll.GetMessageA
user32.dll.CloseClipboard
user32.dll.GetClipboardData
user32.dll.OpenClipboard
user32.dll.FindWindowA
user32.dll.RegisterClassExA
user32.dll.GetClassInfoExA
user32.dll.EnumChildWindows
user32.dll.SetFocus
user32.dll.SetParent
user32.dll.RegisterWindowMessageA
user32.dll.MessageBoxExA
user32.dll.LoadMenuA
user32.dll.GetSubMenu
user32.dll.DestroyMenu
user32.dll.SetMenuDefaultItem
user32.dll.GetCursorPos
user32.dll.TrackPopupMenu
user32.dll.GetMenuItemID
user32.dll.GetClassNameA
user32.dll.DrawAnimatedRects
user32.dll.RedrawWindow
user32.dll.FillRect
user32.dll.CreateIconIndirect
user32.dll.GetIconInfo
user32.dll.GetDCEx
user32.dll.LoadIconA
user32.dll.GetForegroundWindow
user32.dll.GetClientRect
user32.dll.MessageBoxA
user32.dll.PostMessageA
user32.dll.SystemParametersInfoA
user32.dll.GetWindowRect
user32.dll.GetDesktopWindow
user32.dll.wsprintfW
user32.dll.SetPropA
user32.dll.SendMessageA
user32.dll.MessageBeep
user32.dll.KillTimer
user32.dll.SetTimer
user32.dll.DestroyWindow
user32.dll.SetActiveWindow
user32.dll.GetActiveWindow
user32.dll.EnableWindow
user32.dll.IsWindow
user32.dll.LoadImageA
user32.dll.ExitWindowsEx
user32.dll.ShowCursor
user32.dll.SetCursor
user32.dll.EnumDesktopWindows
user32.dll.OpenInputDesktop
user32.dll.EnumWindows
user32.dll.ChangeDisplaySettingsA
user32.dll.EnumDisplaySettingsA
user32.dll.DrawTextA
user32.dll.wsprintfA
user32.dll.InvalidateRect
user32.dll.SetWindowPos
user32.dll.ShowWindow
user32.dll.UpdateWindow
user32.dll.DefWindowProcA
version.dll.GetFileVersionInfoSizeA
version.dll.GetFileVersionInfoA
wininet.dll.HttpSendRequestA
wininet.dll.HttpOpenRequestA
wininet.dll.InternetCloseHandle
wininet.dll.HttpEndRequestA
wininet.dll.InternetQueryDataAvailable
wininet.dll.InternetReadFile
wininet.dll.InternetConnectA
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernel32.dll.IsProcessorFeaturePresent
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.GetNativeSystemInfo
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ntdll.dll.NtQuerySystemInformation
ntdll.dll.RtlNtStatusToDosError
ntdll.dll.NtQueryInformationProcess
ntdll.dll.ZwQueryInformationProcess
ntdll.dll.NtTerminateProcess
ntdll.dll.NtTerminateThread
ntdll.dll.NtGetNextProcess
ntdll.dll.NtOpenProcess
ntdll.dll.NtClose
ntdll.dll.NtDuplicateObject
ntdll.dll.RtlGetVersion
ntdll.dll.RtlCreateUserThread
ws2_32.dll.#23
ws2_32.dll.#21
ws2_32.dll.WSAIoctl
ws2_32.dll.#3
ws2_32.dll.#116
iphlpapi.dll.NotifyIpInterfaceChange
api-ms-win-downlevel-ole32-l1-1-0.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
api-ms-win-downlevel-advapi32-l1-1-0.dll.EventWrite
api-ms-win-downlevel-ole32-l1-1-0.dll.CoCreateInstance
iphlpapi.dll.NotifyUnicastIpAddressChange
iphlpapi.dll.GetAdaptersAddresses
ws2_32.dll.GetAddrInfoW
oleaut32.dll.#8
oleaut32.dll.DllGetClassObject
oleaut32.dll.DllCanUnloadNow
advapi32.dll.RegOpenKeyW
iphlpapi.dll.ConvertInterfaceGuidToLuid
iphlpapi.dll.GetIpForwardTable2
iphlpapi.dll.GetIpNetEntry2
iphlpapi.dll.FreeMibTable
api-ms-win-downlevel-ole32-l1-1-0.dll.StringFromIID
api-ms-win-downlevel-ole32-l1-1-0.dll.CoUninitialize
oleaut32.dll.#500
api-ms-win-downlevel-ole32-l1-1-0.dll.CoSetProxyBlanket
ole32.dll.ObjectStublessClient10
ole32.dll.CoTaskMemFree
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegEnumKeyExW
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
api-ms-win-downlevel-shlwapi-l2-1-0.dll.IUnknown_QueryService
api-ms-win-downlevel-ole32-l1-1-0.dll.CoTaskMemAlloc
ole32.dll.CoGetMalloc
shell32.dll.#66
api-ms-win-downlevel-ole32-l1-1-0.dll.CoWaitForMultipleHandles
urlmon.dll.RevokeBindStatusCallback
urlmon.dll.#513
shell32.dll.SHGetFolderPathW
urlmon.dll.ShouldShowIntranetWarningSecband
ieframe.dll.#159
msls31.dll.#62
msls31.dll.#63
msls31.dll.#66
msls31.dll.#61
msls31.dll.#71
msls31.dll.#1
msls31.dll.#49
msls31.dll.#52
msls31.dll.#48
msls31.dll.#3
d2d1.dll.#1
dwrite.dll.DWriteCreateFactory
dxgi.dll.CreateDXGIFactory1
gdi32.dll.D3DKMTOpenAdapterFromGdiDisplayName
gdi32.dll.D3DKMTCloseAdapter
gdi32.dll.D3DKMTQueryAdapterInfo
gdi32.dll.D3DKMTOpenAdapterFromDeviceName
setupapi.dll.SetupDiGetClassDevsW
setupapi.dll.SetupDiEnumDeviceInterfaces
setupapi.dll.SetupDiGetDeviceInterfaceDetailW
setupapi.dll.SetupDiDestroyDeviceInfoList
setupapi.dll.SetupDiGetDevicePropertyW
wintrust.dll.WinVerifyTrust
d3d11.dll.D3D11CreateDevice
dxgi.dll.CompatValue
d3d10warp.dll.D3DKMTOpenAdapterFromGdiDisplayName
d3d10warp.dll.D3DKMTOpenAdapterFromDeviceName
d3d10warp.dll.D3DKMTGetDisplayModeList
d3d10warp.dll.D3DKMTSetVidPnSourceOwner
d3d10warp.dll.D3DKMTSetDisplayMode
d3d10warp.dll.D3DKMTCloseAdapter
d3d10warp.dll.D3DKMTSetGammaRamp
d3d10warp.dll.D3DKMTGetDeviceState
d3d10warp.dll.D3DKMTQueryAdapterInfo
d3d10warp.dll.D3DKMTWaitForVerticalBlankEvent
gdi32.dll.D3DKMTCreateDCFromMemory
gdi32.dll.D3DKMTDestroyDCFromMemory
gdi32.dll.D3DKMTCheckVidPnExclusiveOwnership
gdi32.dll.D3DKMTCheckMonitorPowerState
gdi32.dll.D3DKMTCheckSharedResourceAccess
d3d10warp.dll.D3DKMTGetMultisampleMethodList
d3d10warp.dll.D3DKMTSetDisplayPrivateDriverFormat
d3d10warp.dll.D3DKMTDestroySynchronizationObject
d3d10warp.dll.D3DKMTCreateSynchronizationObject
d3d10warp.dll.D3DKMTDestroyContext
d3d10warp.dll.D3DKMTCreateContext
d3d10warp.dll.D3DKMTGetContextSchedulingPriority
d3d10warp.dll.D3DKMTSetContextSchedulingPriority
d3d10warp.dll.D3DKMTPresent
d3d10warp.dll.D3DKMTDestroyDevice
d3d10warp.dll.D3DKMTCreateDevice
d3d10warp.dll.D3DKMTQueryAllocationResidency
d3d10warp.dll.D3DKMTSetAllocationPriority
d3d10warp.dll.D3DKMTDestroyAllocation
d3d10warp.dll.D3DKMTOpenResource
d3d10warp.dll.D3DKMTQueryResourceInfo
d3d10warp.dll.D3DKMTCreateAllocation
d3d10warp.dll.D3DKMTSignalSynchronizationObject
d3d10warp.dll.D3DKMTWaitForSynchronizationObject
d3d10warp.dll.D3DKMTEscape
d3d10warp.dll.D3DKMTUnlock
d3d10warp.dll.D3DKMTLock
d3d10warp.dll.D3DKMTRender
d3d10warp.dll.OpenAdapter10_2
d3d10warp.dll.#199
urlmon.dll.#421
urlmon.dll.#408
msls31.dll.#44
msls31.dll.#5
secur32.dll.GetUserNameExW
mlang.dll.#112
propsys.dll.PSCreateMemoryPropertyStore
wininet.dll.GetUrlCacheEntryBinaryBlob
ole32.dll.RegisterDragDrop
oleaut32.dll.#147
propsys.dll.VariantToStringWithDefault
oleaut32.dll.#411
oleaut32.dll.#23
oleaut32.dll.#24
wininet.dll.GetUrlCacheEntryInfoExW
urlmon.dll.#404
"C:\ProgramData\nMpEgLh21700\nMpEgLh21700.exe" "C:\Users\Louise\AppData\Local\Temp\data.exe"
Don't stop me! I need some money!
Don't stop me! I give work and money for you!
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1
qdbkprgy159eho
!IECompat!Mutex
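Added example, not CAPE output: a capability triage pass over the run-time resolved API list and registry paths from this report. The static import table further down is small (kernel32 and user32 GUI calls plus HTTPAPI and WLDAP32), but the names the process resolved at run time include OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread, RtlCreateUserThread, Toolhelp process enumeration, AdjustTokenPrivileges, IsDebuggerPresent, WinINet HTTP calls, and a RunOnce value named after the sample (nMpEgLh21700). The script below groups such names into capabilities. RESOLVED_APIS and REGISTRY_PATHS are a subset copied from the report; the RULES table, its capability names and the API combinations it requires are the author's own assumptions, not CAPE signatures.

```python
"""Capability triage over a sandbox's run-time resolved API list.

Added example, not CAPE output. RESOLVED_APIS and REGISTRY_PATHS are a subset
copied from this report; the RULES table is the author's own and is an
assumption about which API combinations are worth flagging.
"""
import re
from typing import Dict, Iterable, List, Set

RESOLVED_APIS = """
kernel32.dll.OpenProcess
kernel32.dll.VirtualAllocEx
kernel32.dll.WriteProcessMemory
kernel32.dll.CreateRemoteThread
ntdll.dll.RtlCreateUserThread
ntdll.dll.NtQueryInformationProcess
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Process32First
kernel32.dll.Process32Next
kernel32.dll.IsDebuggerPresent
advapi32.dll.LookupPrivilegeValueA
advapi32.dll.AdjustTokenPrivileges
advapi32.dll.RegCreateKeyExA
advapi32.dll.RegSetValueExA
kernel32.dll.GetTempPathA
kernel32.dll.GetTempFileNameA
kernel32.dll.DeleteFileW
wininet.dll.InternetOpenA
wininet.dll.InternetConnectA
wininet.dll.HttpOpenRequestA
wininet.dll.HttpSendRequestA
wininet.dll.InternetReadFile
user32.dll.GetDC
gdi32.dll.BitBlt
""".split()

REGISTRY_PATHS = [
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\nMpEgLh21700",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect",
]

# Each rule: every name in "all" must be present, at least one name in "any"
# (if given) must be present, and for "registry" at least one path must match.
RULES: Dict[str, dict] = {
    "process-injection": {
        "all": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"},
        "any": {"CreateRemoteThread", "RtlCreateUserThread", "NtCreateThreadEx"},
    },
    "process-enumeration": {"all": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"}},
    "token-privilege-adjust": {"all": {"LookupPrivilegeValueA", "AdjustTokenPrivileges"}},
    "anti-debug": {"any": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "NtQueryInformationProcess"}},
    "http-client": {"all": {"InternetOpenA", "InternetConnectA", "HttpOpenRequestA", "HttpSendRequestA"}},
    "run-key-persistence": {
        "all": {"RegSetValueExA"},
        "registry": re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE),
    },
    "temp-file-staging": {"all": {"GetTempPathA", "GetTempFileNameA"}, "any": {"DeleteFileA", "DeleteFileW"}},
}


def api_names(resolved: Iterable[str]) -> Set[str]:
    """'kernel32.dll.VirtualAllocEx' -> 'VirtualAllocEx' (ordinal imports stay as '#17')."""
    return {entry.rsplit(".", 1)[-1] for entry in resolved}


def triage(resolved: Iterable[str], registry_paths: Iterable[str], rules=RULES) -> Dict[str, List[str]]:
    """Map each capability whose rule is satisfied to the evidence that satisfied it."""
    names = api_names(resolved)
    paths = list(registry_paths)
    hits: Dict[str, List[str]] = {}
    for capability, rule in rules.items():
        required = rule.get("all", set())
        optional = rule.get("any", set())
        if not required <= names:
            continue
        if optional and not (optional & names):
            continue
        evidence = sorted((required | optional) & names)
        if "registry" in rule:
            matched = [p for p in paths if rule["registry"].search(p)]
            if not matched:
                continue
            evidence.extend(matched)
        hits[capability] = evidence
    return hits


if __name__ == "__main__":
    for capability, evidence in triage(RESOLVED_APIS, REGISTRY_PATHS).items():
        print(f"{capability}: {', '.join(evidence)}")
```

Treat the hits as triage leads rather than a verdict: a sandbox's resolved-import list covers every module loaded into the process, and much of this report's list (urlmon, ieframe, msls31, d2d1, d3d10warp, dxgi) is Internet Explorer and DirectX internals pulled in by the WinINet and OLE calls, not code the sample itself wrote. The injection and Toolhelp names, by contrast, have no such innocent explanation in a program whose static imports are GUI and HTTP-server calls, which is why they are the ones worth confirming against the process memory dumps.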

PE Information

Image Base: 0x00400000
Entry Point: 0x004010bc
Reported Checksum: 0x00053200
Actual Checksum: 0x00053200
Minimum OS Version: 4.0
Compile Time: 2011-01-12 13:59:58
Import Hash: a52fe0da9630e2cd6c9c8da2b0d8b427
Icon Exact Hash: 27be8db4c81a5c51c7ce8fbfb7cb72ab
Icon Similarity Hash: bc5d717e4ae086c4b6f3201135b599f4

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000400 0x00001000 0x000007a1 0x00000800 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 4.94
.rdata 0x00000c00 0x00002000 0x00000ab8 0x00000c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 6.25
.data 0x00001800 0x00003000 0x000ae000 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x00001c00 0x000b1000 0x0000115c 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.63

Overlay

Offset 0x00002e00
Size 0x0004ac00
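Added example, not part of the CAPE report: a short Python check that recomputes the overlay figures from the section table above and flags the section-header anomalies a triage analyst looks at first. The section values, image base and entry point are copied from the report; the file size is derived from the report's overlay offset plus overlay size (0x2e00 + 0x4ac00); the 8x virtual-to-raw ratio threshold is an arbitrary choice.

```python
"""Sanity-check the PE section table from the report above.

Added example, not CAPE output. Section values, image base and entry point are
copied from the report; FILE_SIZE is derived from the report's overlay offset
plus overlay size. The 8x virtual/raw ratio threshold is an arbitrary choice.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

IMAGE_BASE = 0x00400000
ENTRY_POINT = 0x004010BC
FILE_SIZE = 0x00002E00 + 0x0004AC00  # overlay offset + overlay size from the report


@dataclass(frozen=True)
class Section:
    name: str
    raw_addr: int      # file offset of the section's raw data
    virt_addr: int     # RVA at which the loader maps it
    virt_size: int
    raw_size: int
    flags: Tuple[str, ...]
    entropy: float     # Shannon entropy of the raw bytes, as reported


SECTIONS: List[Section] = [
    Section(".text",  0x0400, 0x01000, 0x007A1, 0x0800, ("CODE", "EXECUTE", "READ"), 4.94),
    Section(".rdata", 0x0C00, 0x02000, 0x00AB8, 0x0C00, ("INITIALIZED_DATA", "READ", "WRITE"), 6.25),
    Section(".data",  0x1800, 0x03000, 0xAE000, 0x0400, ("INITIALIZED_DATA", "READ", "WRITE"), 0.00),
    Section(".rsrc",  0x1C00, 0xB1000, 0x0115C, 0x1200, ("INITIALIZED_DATA", "READ"), 3.63),
]


def overlay_offset(sections: List[Section]) -> int:
    """The overlay starts where the last byte of raw section data ends."""
    return max(s.raw_addr + s.raw_size for s in sections)


def overlay_size(sections: List[Section], file_size: int) -> int:
    return max(0, file_size - overlay_offset(sections))


def overlay_fraction(sections: List[Section], file_size: int) -> float:
    """Share of the file the PE loader never maps: appended payload or config."""
    return overlay_size(sections, file_size) / file_size


def section_for_va(sections: List[Section], va: int, image_base: int = IMAGE_BASE) -> Optional[str]:
    """Name of the section containing a virtual address, or None if unmapped."""
    rva = va - image_base
    for s in sections:
        if s.virt_addr <= rva < s.virt_addr + max(s.virt_size, s.raw_size):
            return s.name
    return None


def suspicious_sections(sections: List[Section], ratio_limit: int = 8) -> List[Tuple[str, str]]:
    """Header anomalies worth a second look; each hit is (section, reason)."""
    findings = []
    for s in sections:
        if s.name == ".rdata" and "WRITE" in s.flags:
            findings.append((s.name, "read-only-by-convention section is writable"))
        if "EXECUTE" in s.flags and "WRITE" in s.flags:
            findings.append((s.name, "section is both writable and executable"))
        if s.raw_size and s.virt_size > ratio_limit * s.raw_size:
            findings.append((s.name, f"virtual size is {s.virt_size // s.raw_size}x the raw size "
                                     "(room reserved for code/data produced at run time)"))
        if s.raw_size and s.entropy == 0.0:
            findings.append((s.name, "raw bytes have zero entropy (a single repeated value)"))
    return findings


if __name__ == "__main__":
    print(f"overlay at 0x{overlay_offset(SECTIONS):08x}, "
          f"0x{overlay_size(SECTIONS, FILE_SIZE):08x} bytes "
          f"({overlay_fraction(SECTIONS, FILE_SIZE):.0%} of the file)")
    print("entry point lives in", section_for_va(SECTIONS, ENTRY_POINT))
    for name, reason in suspicious_sections(SECTIONS):
        print(f"{name}: {reason}")
```

Run as-is it reproduces the report's overlay figures (offset 0x2e00, 0x4ac00 bytes, about 96% of the file), places the entry point 0x4010bc in .text and the import table at 0x402000 in .rdata, and flags the writable .rdata section and the .data section whose 0xae000 bytes of virtual size are backed by only 0x400 bytes of zero-entropy raw data. Taken together with a 0x7a1-byte .text section, that is the shape of a small loader stub with a large appended overlay; the overlay and the process memory dumps are where to look for what it loads.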

Resources

Name Offset Size Language Sub-language Entropy File type
RT_ICON 0x000b10a0 0x000010a8 LANG_ENGLISH SUBLANG_ENGLISH_US 3.57 None
RT_GROUP_ICON 0x000b2148 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US 1.78 None

Imports

KERNEL32.dll
0x402000 HeapCreate
0x402008 GetDriveTypeA
0x402010 GetStdHandle
0x402014 SetErrorMode
0x402018 RaiseException
0x40201c GlobalUnlock
0x402020 LockResource
0x402024 LoadLibraryExA
0x402028 SetConsoleOutputCP
0x40202c GetACP
0x402030 GetLastError
0x402034 CloseHandle
0x402038 VirtualProtect
0x40203c GlobalDeleteAtom
0x402040 InterlockedExchange
0x402044 GlobalFree
0x402048 GlobalAddAtomA
0x40204c Sleep
0x402050 GetLocaleInfoA
USER32.dll
0x402058 EndPaint
0x40205c BeginPaint
0x402060 GetCursorPos
0x402064 GetActiveWindow
0x402068 ValidateRect
0x40206c ShowWindow
0x402070 GetWindow
0x402074 ClipCursor
0x402078 GetMenuItemInfoA
0x40207c DrawTextA
0x402080 ReleaseDC
0x402084 IsIconic
0x402088 GetWindowTextA
0x40208c GetClassNameA
0x402090 GetParent
0x402094 OemToCharW
0x402098 GetFocus
0x40209c SetForegroundWindow
0x4020a0 DrawEdge
HTTPAPI.dll
0x4020a8 HttpAddUrl
0x4020b0 HttpTerminate
0x4020b4 HttpInitialize
0x4020b8 HttpRemoveUrl
WLDAP32.dll
0x4020c0 ldap_add

!This program cannot be run in DOS mode.
ARich
.text
`.rdata
.data
.rsrc
SVVPQ
USQPV
USQWVW
SWRPW
SPWVW
SRQQP
USVRPP
SQWQP
USPRRP
USQQW
USWVP
USQWVR
USQQPR
USRRQ
USQQQ
HeapCreate
FileTimeToLocalFileTime
GetDriveTypeA
EnterCriticalSection
GetStdHandle
SetErrorMode
RaiseException
GlobalUnlock
LockResource
LoadLibraryExA
SetConsoleOutputCP
GetACP
GetLastError
CloseHandle
VirtualProtect
GlobalDeleteAtom
InterlockedExchange
GlobalFree
GlobalAddAtomA
Sleep
GetLocaleInfoA
KERNEL32.dll
EndPaint
BeginPaint
GetCursorPos
GetActiveWindow
ValidateRect
ShowWindow
GetWindow
ClipCursor
GetMenuItemInfoA
DrawTextA
ReleaseDC
IsIconic
GetWindowTextA
GetClassNameA
GetParent
OemToCharW
GetFocus
SetForegroundWindow
DrawEdge
USER32.dll
HttpAddUrl
HttpCreateHttpHandle
HttpTerminate
HttpInitialize
HttpRemoveUrl
HTTPAPI.dll
ldap_add
WLDAP32.dll
8D.!aD
+D%!*D%
SYjnP
FdN{?f
FdN{?f
KEY{?
2\,R\\
+ms5,
=&fE=
]<v8lWv
xzDI}
*sb[<
\P2.t
"bvDY
RsUiHs
HZH-|<
Dg0z<
?=4"l
z|?$T;
[Ra`.
4m!b&-
8M=`0
t!apT
N2gA`
^cQ?C
VUsu!R
wN6+a
hD`@k!
`oQ:&
&^%>m5
2PCs'ri~
|*|o?
dG$#?
fo49y
rwMMVi
w!)<K0
j9+8`
684%z`}
$7wqa8G
]LTy|
k.:\4
u5q./83
BFz2O
1nYiT\
hio}b
TRqQPo
|y+%@cF8u
3O.b<SG
0 5T~
)m{fZ
p0LSE#
/;A]\(
QLge"
OFcBV
8v+Qm
f;QFROu
!QYe-m
,SzW&Q
1XeZy
_%1hrq:
)\~sCn
08Y:3GU
2R[td
/}R,+
$?+o.
!Jr< <
ME}m7
=yLv\
l*qna
CLR$y
lg=!C
?p_)7
ha1M?
\&_~n
BuARXB
y&TxP
CMK<C}
4..HD
7[Bw4
bWM!2z
3cX,Mr
9F;(CZ
A?Wsq
\]7VD
9L"*P
W4:Rz
szlJy
AwsUA;
9?-n}
Q*>&=
Xtg?N
wMeq N
b&F.~AwM
l_ydd
{X.Hvq
0,mhIn
TA^e1<
]%yWf
&G,+q
cRYQ"x
L;xEf
-4<*R/
=(NnWa
H%\~y
VaU1K]
LRv"H4
yEL7}xxv
14k%8
ojAY}
}@)6,
!ip4?b
5)DCP
Wq>t.
P;v#pwEuo
avQs+
,-gNY
Fz73<
y!v$i
63!|l[
c3ma#
T5i;Nv
2V&]N.
&=&PF
g^SyY
0X0j/
lAT?B
E7fTu
cW5.Q
oP9-%
MliA^o
i~V8
zfp J
k\g0pn&
;jODJ`
AP#:f
RGq}*
xb&v~
2(Hx[
6&}qz
K24B>
)ox_&d
F<+ M
liAYZD
".;DD
u[W,@
G\4/r
QK&]4
:8\sL}
W~QmW
-!tB u
B>o]9M
"2[ML
!.P>7
SoboG
;P/hC`5
\XGbA
XV:fR
e0GBe
Jo !3
jkoX=
SMPv{Yv\
i!OUC
U&bC9
@{^,P
+~Am;
X*iE6
HMeFi/
eG3w(
G)oi,j
XO le<
eW;d`
p7r&4(
{p|xO
3.U?fU
i\f}YbV
UY%b+
q>voF
vey"x
N$I|Z
)|9P7{
h|^~N
4:SOJ
5XYdM0
`u^Jm!
\*``'9
Oe~;7e
jt""`
ZUfrH
ZZ8Rl
txrJy
4"Q)g
%i]];
o{[Lo
A6S\zJ
5sl#1
@yPrc
t-"(x
Os/_}
ekh8j
vhXv(Wf
KA$!..
hWlva
_eeM6
{B{B3Y
X>=9vi
iEh3D
G{ _U
6/bg/k
+5RHjK
l<ZKe
<cVqV
)&~TY
V4L[y
]pq8C
LVr#y
2(#&T
wsi}mW
IW</1
-Y|b>XbQ>
!U07J
:r7X-
?.3yH
=z<v-
pFMWA
#ih82
FIFS>
3I j*T
;O/5?6
JLJnE}
,8$:j
R{}LR-7
w+!>V
%#p K
l(mM-
n}#2^
w}#!r
|`;7a#p/w2/
=<hQQF
Tp _m%
FQZeW
P6T~Bp
c_B2<RT
H;+:y
kCTQO|
hmZ3NBM
}[n*d
;;dIa
5_P<tV
8:Ho,H
^JqDn
Nh5e.
\mN8Z
R]u,Q5
|G6!C
)|U-0
c.m)#
<`!;c
<wRX6
TyB/0
RxILZB_
BFiH?
Zqy%cK{
Q2"qG
$#[kA}
d?+vH-
";>2E\
k}U`;
"nY4i
Qg5]_
J0k;9
'X/{^t_t?}
QjXQ>
ET(&l
Cy05Y
>=Qwn
GpvV?
~K"NB
T_f>Sz
Ja6c"
n/=;_
OH05%
DqaCM
Mg^Z|_
)#o9l
V*No3N
Ql<%DY
9yT{s
O2s4P
l vBankC
vl}3_
nLT39
ss[L]
tEJK/f~
\97nT
:UquK
IZv"R
ZT'k$
K|"DO
(" ba3
TCK:7
d31<n
#9Cq^
c7N)x
&As'Z
[7[o=
CXRpW
gR/VW
'\%*
iQ9PF&
eVb:'
90'2z<
vU]@^
vE~Di
G$V|R
m t,=
ABM<p
~|Ce:)x
KAj0
XjQ6G
HS6G$
^'*j)
-|Tt'@
] uGUV4
w?L8>.
*4;]D
%:H(
mNQKef5
Gu~D7G
N,A/5
-}Hl%-
gPfr1
\wp|^
R*{n[H,];l
/a'9R
S)Jvg
mODG|EK
P<C0?
1TV=p
WFW%R
*z9&A
FZ{^z
ta?26a
6=;K-
bOvn-;v
i.m]Gw
CX%^`
~z(#n
{\@,fx
IQX&U
*%La[
zRD 4
6-7U4
udwkV
1ZA*Tp
x: nQd-+
al"B%a4
/Th(]v
fG()h-Q$
&((b>KU
f'&:{
y(xOY
9]T{N
ZfR|62
fH"3W
nwu9t!
0'!u
O`yCm\
E"iCJ
0Z%bq
dB \3
>Z7tp
[<!V_cB
GCB4l
P">V'~8
ZiwRYc
99kP.TO5
E0r3xR
&@k2q!
?c~[5V
(N`J;
lC*s3&b?x
)k=z\b!
R$mgik
iA3pb4*
qKq-)!x
usK>>m3
Wvr z
!tk?
u1wii=
U u6W7
dv:tZCn`
-B^aYe
>>].S)
BAZ=cJ
0>#kn
O+ z,#
:j^jB%i
'c:&0
H|pWu
c7E*l"m
dmK)F
:3E|f
3h4\4
bi*Gj
;^^DR
y{|FW*N#
K5'))Q
|CGl#
I:j'_
`vn5eD
5}`haP
8/ Yv
>6-A1
-QqPc
greYG!
BAQhM
8_IFH%
96^{(
9~0y1
StKZRe
LO3Y+LD
Q_|1V
8%qWL
<Uv<:0
v=#H2
LQ<%p}
rzJKd
:;A&S
RuAFR
FNYRD
q-2=u
eu,Gc
+\oL[
r!AYc
s7xhPq
I<H}X
>?jO"
<>6sl
<=6G}
w9Y9P
KBfk'
/MUki
brN.#X
PG?26
Az1\DP
G5is>
;"a0X
r^C,<v
@M8ZZ
][4{8
GSn_I
ZVE%<z/(dX
+3VCU:$
>2bvG
2esbN5
Ri4kX
g{ ,:Pu
:^-M:`-
3'\Qx
`}_J/
m4"aZ
onb/4-
zz\%-
,c{yl~
eY*LrZ%Lg
Eqfk8
i,4Q{
)y*g[
[8QW(T
B>=hL
K3x1AY
DyMEV
%Jc(yK
N0.E!
s!Ij9
{#Yzv+F/oi
21W+x
cz,F<
1>Kudy
Dr<!DJ
:Ob~$z
)#5S4
GMTWkM
z.OTf
V]+m0
;iAJ\}
KtF_=
RrMZ3X
;FyT*\w&
3[.RK
;Pv"[
#u,(c
/!CO/~
jz}&b
>0f5J
?*Uuv
$?/oB
rc'Bk
aS-BP
'J,X#
Yc7*$
]/e#<^lFt
1*/^R
V'R#0
=fFPb
-e1.r`x
`;GIj
~~h+w
Rz7CiB
TJv6/r
DJ*-;cg?
3]BD2
3E`PRD/
S[F5|
Qr7,"
&bQ,d
T=]]H
7VhZ2
A4b"Y
DsEi;
$h=PaX
o,BB|6;vT
b1FUTq
?a8wP|
ZZl(Z
kbw:p3
C~,Ty
d!2hi
%q9Lr
W=L=L
"r|%s\
"=~);
bE~E`
_|p8wF
A(sx5
x~$<K
E?JU!!
9hP-2
Sa}'z
zg=`S
5&T.{
.YX')
9kLGQM3R
`,]#j
/R+Sz
9a3-8
s]RT_l
MpVIib
Vc*aj
\^w3"Z
\$8I#
ML3MH
i]O%"
cxHFq
JKe<+
vsYey
kc.dL?
753k
f>'Eh
>vED'
ukgxJ
`r52y
ks-dkb
Cj=]U
:W}dVz
3&bN7
UXQEv
V6?w$
!Qx9"|
RIu!V
[Rh~y
ALlmr
miV6NO
> ie2?
Ou3Gjx
}#/)h
%q$xu
6=3$u
Ps4v!
0BezV
w0vN
rGe7j
qt"[ia
2R{KN
eiIaor]h
h+A*k;b
/vdW8
l!7w^W8
&Pj^x
xI&`7
isq?j
ZM.[)
YyBM.
\*=Gy
V}K~C
V5F0z_5
<fxds`
6_6MZk
<B)}8
$U|,Uxe
d|M.!Tyk,
-9v;(
|fx"B
R;zMJ
zt'"5p
j\=\m
f*~#l
.DDV>
bm{~-^F
g|_\/n
t]U5cai
na)gn
f0/#[
yQNQR
:*iP~o
H`[$t
(Y<;r
pz?eR
]J\{B
;Z#t&
ndMmQ
zr]V6
89.4m
%&`0R[<
dHk!F~v
69NWv&
ZFCsJ(
~e2[f{.g}a
DIc'Ch
{xyD}%x
~qY%<
[5-_Uen
%sm<YJr
31+PZ?
2,Zj8i||
4U p"
"VwS7e<
A4o=G
oV":@
F%K'4
=VE(mr
@-8_2
NL#9SL
FL 9GK
"^%\{
:Cv#eH
UpIS%9L
<MD4-^-6
'for56v
|H:Z$
(r?"R
h &uIN
e_9sV @"
iv1eY
r,5|
WRw~X07
@iT5F

Full Results

Engine Signature
Bkav W32.OngameMKH.Trojan
MicroWorld-eScan Gen:Trojan.Heur.KS.2
FireEye Generic.mg.8626242719c85dfb
CAT-QuickHeal FraudTool.Security
McAfee Generic FakeAV.ama
Cylance Unsafe
Zillya Trojan.FakeAV.Win32.57144
SUPERAntiSpyware Trojan.Agent/Gen-FakeAlert
K7AntiVirus Trojan ( 002155461 )
Alibaba Trojan:Win32/FakeAV.b6ac5781
K7GW Trojan ( 002155461 )
Cybereason malicious.719c85
Arcabit Trojan.Heur.KS.2
Invincea heuristic
BitDefenderTheta AI:Packer.A20BC7AF14
F-Prot W32/SuspPack.DA.gen!Eldorado
Symantec Trojan Horse
TotalDefense Win32/FakeAV!generic
Baidu Clean
TrendMicro-HouseCall WORM_KELIHOS.SM
Paloalto generic.ml
ClamAV Win.Trojan.FakeAV-168
Kaspersky Trojan.Win32.FakeAV.asbq
BitDefender Gen:Trojan.Heur.KS.2
NANO-Antivirus Trojan.Win32.FakeAV.bwfnp
ViRobot Trojan.Win32.FakeAV.317952
Avast Win32:FakeAlert-AAZ [Trj]
Tencent Clean
Ad-Aware Gen:Trojan.Heur.KS.2
Sophos Mal/FakeAV-IH
Comodo [email protected]
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.Packed.21552
VIPRE VirTool.Win32.Obfuscator.da!j (v)
TrendMicro WORM_KELIHOS.SM
McAfee-GW-Edition BehavesLike.Win32.FakeAlert.fc
SentinelOne DFI - Malicious PE
Trapmine suspicious.low.ml.score
CMC Trojan.Win32.FakeAV!O
Emsisoft Gen:Trojan.Heur.KS.2 (B)
APEX Malicious
Cyren W32/SuspPack.DA.gen!Eldorado
Jiangmin Trojan/Fakeav.jss
Webroot W32.Malware.Gen
Avira TR/Crypt.XPACK.Gen
Fortinet W32/Krypt.N!tr.dldr
Kingsoft Clean
Endgame malicious (high confidence)
Microsoft Rogue:Win32/Winwebsec
AegisLab Trojan.Win32.FakeAV.4!c
ZoneAlarm Trojan.Win32.FakeAV.asbq
Avast-Mobile Clean
TACHYON Trojan/W32.Agent.317952.BH
AhnLab-V3 Trojan/Win32.FakeAV.R829
Acronis suspicious
VBA32 Trojan.MTA.01004
ALYac Clean
MAX malware (ai score=94)
Malwarebytes Trojan.FakeAlert
Zoner Clean
ESET-NOD32 Win32/Adware.SystemSecurity.AD
Rising Malware.Undefined!8.C (TFE:5:VEuKYa4ZGYF)
Yandex Trojan.Waledac.Gen!Pac.11
Ikarus Trojan.Win32.FakeAV
GData Gen:Trojan.Heur.KS.2
AVG Win32:FakeAlert-AAZ [Trj]
Panda Trj/Agent.FX
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Trojan.Downloader.Win32.Waledac.A
Sorry! No behavior.

Hosts

Direct IP Country Name
Y 89.187.53.223 Moldova, Republic of
Y 8.8.8.8 United States
Y 1.1.1.1 Australia

TCP

Source Source Port Destination Destination Port
192.168.1.9 49177 89.187.53.223 80
192.168.1.9 49179 89.187.53.223 80
192.168.1.9 49180 89.187.53.223 80
192.168.1.9 49182 89.187.53.223 80

UDP

Source Source Port Destination Destination Port
192.168.1.9 51751 1.1.1.1 53
192.168.1.9 53599 1.1.1.1 53
192.168.1.9 54609 1.1.1.1 53
192.168.1.9 55233 1.1.1.1 53
192.168.1.9 55319 1.1.1.1 53
192.168.1.9 59058 1.1.1.1 53
192.168.1.9 59225 1.1.1.1 53
192.168.1.9 64674 1.1.1.1 53
192.168.1.9 137 192.168.1.255 137
192.168.1.9 51751 8.8.8.8 53
192.168.1.9 53599 8.8.8.8 53
192.168.1.9 54609 8.8.8.8 53
192.168.1.9 55233 8.8.8.8 53
192.168.1.9 55319 8.8.8.8 53
192.168.1.9 59058 8.8.8.8 53
192.168.1.9 59225 8.8.8.8 53
192.168.1.9 64674 8.8.8.8 53

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

Source Destination ICMP Type Data
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
1.1.1.1 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
8.8.8.8 192.168.1.9 3
89.187.53.223 192.168.1.9 3
89.187.53.223 192.168.1.9 3
89.187.53.223 192.168.1.9 3
89.187.53.223 192.168.1.9 3
89.187.53.223 192.168.1.9 3
89.187.53.223 192.168.1.9 3
89.187.53.223 192.168.1.9 3
89.187.53.223 192.168.1.9 3
89.187.53.223 192.168.1.9 3
89.187.53.223 192.168.1.9 3
89.187.53.223 192.168.1.9 3

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Type Extracted Shellcode
Size 1391 bytes
Virtual Address 0x00340000
Process nMpEgLh21700.exe
PID 3180
Path C:\ProgramData\nMpEgLh21700\nMpEgLh21700.exe
MD5 06ef931be0c12880d096648c1912f151
SHA1 d72b3f20ebdf8d439a19d1cdd412a30cd8025c3a
SHA256 1143e691a124ef8413abdd6a8a58c36d6bbe848ae76ceec8d5b467487a2dbb3b
CRC32 5EB192F9
Ssdeep 24:BYD008WY3Lm2WkBHxlbHELlI3Foydldri3by4S0M76lwM:SD008h3a2WkBfbH2lI3F9i+1N7DM
Yara None matched
CAPE Yara None matched

Process Name nMpEgLh21700.exe
PID 3180
Dump Size 723968 bytes
Module Path C:\ProgramData\nMpEgLh21700\nMpEgLh21700.exe
Type PE image: 32-bit executable
PE timestamp 2011-02-24 21:58:20
MD5 a7ea9939295b8ce920e380352b6f2ab0
SHA1 d113a5eb0ed5719c33c468ae53bff54c719df3d7
SHA256 08c8d5254bc960b56c054e34bbc5e2b9fa0134b57e9409816d65a50c434bfb5c
CRC32 0F9FF973
Ssdeep 6144:MgUK4fsHqkwtn309U+rRgdhFJN4xuoezydKhbMsJbYJugBnKrcy6X5WTJJvGnyMi:MgwsH6V09U+r+dhFraX563On/POOnaI
Yara
  • vmdetect - Possibly employs anti-virtualization techniques - Author: nex
Dump Filename 08c8d5254bc960b56c054e34bbc5e2b9fa0134b57e9409816d65a50c434bfb5c

Defense Evasion
  • T1116 - Code Signing
    • Signature - invalid_authenticode_signature

Execution
  • T1129 - Execution through Module Load
    • Signature - dropper

Persistence
  • T1060 - Registry Run Keys / Startup Folder
    • Signature - persistence_autorun

    Processing ( 83.09799999999998 seconds )

    • 74.406 BehaviorAnalysis
    • 5.213 Suricata
    • 0.893 Static
    • 0.793 NetworkAnalysis
    • 0.649 peid
    • 0.498 CAPE
    • 0.241 VirusTotal
    • 0.131 Deduplicate
    • 0.097 AnalysisInfo
    • 0.064 Dropped
    • 0.059 ProcDump
    • 0.032 TargetInfo
    • 0.014 Debug
    • 0.008 Strings

    Signatures ( 32.573 seconds )

    • 3.35 antivm_generic_disk
    • 2.284 mimics_filetime
    • 2.129 stealth_timeout
    • 2.125 virus
    • 2.043 decoy_document
    • 1.879 reads_self
    • 1.803 Doppelganging
    • 1.69 lsass_credential_dumping
    • 1.677 stealth_file
    • 1.569 bootkit
    • 1.556 hancitor_behavior
    • 1.535 api_spamming
    • 1.452 NewtWire Behavior
    • 1.187 antivm_directory_objects
    • 1.109 antisandbox_sboxie_objects
    • 0.973 injection_createremotethread
    • 0.683 InjectionCreateRemoteThread
    • 0.624 vawtrak_behavior
    • 0.605 InjectionInterProcess
    • 0.468 process_interest
    • 0.405 injection_runpe
    • 0.396 InjectionProcessHollowing
    • 0.296 process_needed
    • 0.2 injection_explorer
    • 0.111 antidbg_windows
    • 0.075 antiav_detectreg
    • 0.029 antisandbox_sleep
    • 0.027 infostealer_ftp
    • 0.026 territorial_disputes_sigs
    • 0.015 antianalysis_detectreg
    • 0.015 infostealer_im
    • 0.013 antiemu_wine_func
    • 0.012 dynamic_function_loading
    • 0.012 ransomware_files
    • 0.01 antivm_vbox_libs
    • 0.01 malicious_dynamic_function_loading
    • 0.009 exec_crash
    • 0.008 infostealer_browser_password
    • 0.008 antivm_vbox_keys
    • 0.007 kovter_behavior
    • 0.007 ransomware_extensions
    • 0.006 exploit_getbasekerneladdress
    • 0.006 antiav_detectfile
    • 0.006 modify_proxy
    • 0.006 infostealer_mail
    • 0.005 antiav_avast_libs
    • 0.005 exploit_gethaldispatchtable
    • 0.005 persistence_autorun
    • 0.005 antivm_vmware_keys
    • 0.004 antivm_generic_scsi
    • 0.004 infostealer_browser
    • 0.004 antivm_parallels_keys
    • 0.004 antivm_xen_keys
    • 0.004 infostealer_bitcoin
    • 0.003 antivm_vbox_window
    • 0.003 dyre_behavior
    • 0.003 antianalysis_detectfile
    • 0.003 geodo_banking_trojan
    • 0.003 masquerade_process_name
    • 0.002 antiav_bitdefender_libs
    • 0.002 antiav_bullgaurd_libs
    • 0.002 antiav_emsisoft_libs
    • 0.002 antiav_qurb_libs
    • 0.002 antiav_apioverride_libs
    • 0.002 antidebug_guardpages
    • 0.002 antiav_nthookengine_libs
    • 0.002 antisandbox_sboxie_libs
    • 0.002 antisandbox_script_timer
    • 0.002 antisandbox_sunbelt_libs
    • 0.002 antivm_vmware_libs
    • 0.002 betabot_behavior
    • 0.002 Raccoon Behavior
    • 0.002 kibex_behavior
    • 0.002 blackrat_registry_keys
    • 0.002 sets_autoconfig_url
    • 0.002 antivm_generic_diskreg
    • 0.002 antivm_vbox_files
    • 0.002 antivm_vpc_keys
    • 0.002 browser_security
    • 0.002 disables_browser_warn
    • 0.001 EvilGrab
    • 0.001 anomalous_deletefile
    • 0.001 antivm_generic_services
    • 0.001 regsvr32_squiblydoo_dll_load
    • 0.001 exploit_heapspray
    • 0.001 network_anomaly
    • 0.001 OrcusRAT Behavior
    • 0.001 recon_programs
    • 0.001 removes_zoneid_ads
    • 0.001 securityxploded_modules
    • 0.001 tinba_behavior
    • 0.001 TrickBotTaskDelete
    • 0.001 antivm_xen_keys
    • 0.001 antivm_hyperv_keys
    • 0.001 ketrican_regkeys
    • 0.001 bypass_firewall
    • 0.001 darkcomet_regkeys
    • 0.001 revil_mutexes
    • 0.001 limerat_regkeys
    • 0.001 recon_fingerprint

    Reporting ( 5.771 seconds )

    • 5.528 BinGraph
    • 0.235 MITRE_TTPS
    • 0.008 PCAP2CERT