========================================================================
ANSICON (64-bit) v1.88 log (10) started 2019-04-18 20:06:30
ansicon (24904): Parent = cmd.exe (24600)
cmd (24600): hDllInstance = 00000000_6E440000
cmd (24600): Storing my imports
cmd (24600): Hooking cmd.exe
cmd (24600): Hooking ntdll.dll
cmd (24600): Hooking KERNELBASE.dll
cmd (24600): Hooking msvcrt.dll
cmd (24600): Hooking WINBRAND.dll
cmd (24600): Hooking USER32.dll
cmd (24600): Hooking GDI32.dll
cmd (24600): Hooking LPK.dll
cmd (24600): Hooking USP10.dll
cmd (24600): Hooking IMM32.DLL
cmd (24600): Hooking MSCTF.dll
cmd (24600): Hooking apphelp.dll
cmd (24600): Hooking completed
cmd (24600): Injection detected
cmd (24600): Hooking completed
ansicon (24904): Terminating
ansicon (24904): Unhooking ansicon.exe
ansicon (24904): Unhooking ntdll.dll
ansicon (24904): Unhooking KERNELBASE.dll
ansicon (24904): Unhooking msvcrt.dll
ansicon (24904): Unhooking ADVAPI32.dll
ansicon (24904): Unhooking sechost.dll
ansicon (24904): Unhooking RPCRT4.dll
ansicon (24904): Unhooking completed
cmd (24600): CreateProcessW: "C:\WINDOWS\SYSTEM32\notepad.exe", notepad testbac kfill.bat
cmd (24600): notepad (21704)
cmd (24600): 64-bit GUI (base = 00000000_FF8B0000)
cmd (24600): Ignoring
cmd (24600): Terminating
cmd (24600): Unhooking cmd.exe
cmd (24600): Unhooking ntdll.dll
cmd (24600): Unhooking KERNELBASE.dll
cmd (24600): Unhooking msvcrt.dll
cmd (24600): Unhooking WINBRAND.dll
cmd (24600): Unhooking USER32.dll
cmd (24600): Unhooking GDI32.dll
cmd (24600): Unhooking LPK.dll
cmd (24600): Unhooking USP10.dll
cmd (24600): Unhooking IMM32.DLL
cmd (24600): Unhooking MSCTF.dll
cmd (24600): Unhooking apphelp.dll
cmd (24600): Unhooking completed
ansicon (25964): hDllInstance = 00000000_6E440000
ansicon (25964): Storing my imports
ansicon (25964): Hooking ansicon.exe
ansicon (25964): Hooking ntdll.dll
ansicon (25964): Hooking KERNELBASE.dll
ansicon (25964): Hooking msvcrt.dll
ansicon (25964): Hooking ADVAPI32.dll
ansicon (25964): Hooking sechost.dll
ansicon (25964): Hooking RPCRT4.dll
ansicon (25964): Hooking completed
ansicon (27504): hDllInstance = 00000000_6E440000
ansicon (27504): Storing my imports
ansicon (27504): Hooking ansicon.exe
ansicon (27504): Hooking ntdll.dll
ansicon (27504): Hooking KERNELBASE.dll
ansicon (27504): Hooking msvcrt.dll
ansicon (27504): Hooking ADVAPI32.dll
ansicon (27504): Hooking sechost.dll
ansicon (27504): Hooking RPCRT4.dll
ansicon (27504): Hooking completed
========================================================================
ANSICON (64-bit) v1.88 log (10) started 2019-04-19 9:20:58
ansicon (27504): Parent = cmd.exe (26172)
cmd (26172): hDllInstance = 00000000_6E440000
cmd (26172): Storing my imports
cmd (26172): Hooking cmd.exe
cmd (26172): Hooking ntdll.dll
cmd (26172): Hooking KERNELBASE.dll
cmd (26172): Hooking msvcrt.dll
cmd (26172): Hooking WINBRAND.dll
cmd (26172): Hooking USER32.dll
cmd (26172): Hooking GDI32.dll
cmd (26172): Hooking LPK.dll
cmd (26172): Hooking USP10.dll
cmd (26172): Hooking IMM32.DLL
cmd (26172): Hooking MSCTF.dll
cmd (26172): Hooking apphelp.dll
cmd (26172): Hooking completed
cmd (26172): Injection detected
cmd (26172): Hooking completed
ansicon (27504): Terminating
ansicon (27504): Unhooking ansicon.exe
ansicon (27504): Unhooking ntdll.dll
ansicon (27504): Unhooking KERNELBASE.dll
ansicon (27504): Unhooking msvcrt.dll
ansicon (27504): Unhooking ADVAPI32.dll
ansicon (27504): Unhooking sechost.dll
ansicon (27504): Unhooking RPCRT4.dll
ansicon (27504): Unhooking completed
cmd (26172): Terminating
cmd (26172): Unhooking cmd.exe
cmd (26172): Unhooking ntdll.dll
cmd (26172): Unhooking KERNELBASE.dll
cmd (26172): Unhooking msvcrt.dll
cmd (26172): Unhooking WINBRAND.dll
cmd (26172): Unhooking USER32.dll
cmd (26172): Unhooking GDI32.dll
cmd (26172): Unhooking LPK.dll
cmd (26172): Unhooking USP10.dll
cmd (26172): Unhooking IMM32.DLL
cmd (26172): Unhooking MSCTF.dll
cmd (26172): Unhooking apphelp.dll
cmd (26172): Unhooking completed
ansicon (26584): hDllInstance = 00000000_6E440000
ansicon (26584): Storing my imports
ansicon (26584): Hooking ansicon.exe
ansicon (26584): Hooking ntdll.dll
ansicon (26584): Hooking KERNELBASE.dll
ansicon (26584): Hooking msvcrt.dll
ansicon (26584): Hooking ADVAPI32.dll
ansicon (26584): Hooking sechost.dll
ansicon (26584): Hooking RPCRT4.dll
ansicon (26584): Hooking completed
========================================================================
ANSICON (64-bit) v1.88 log (10) started 2019-04-19 9:21:10
ansicon (26584): Parent = cmd.exe (26988)
cmd (26988): hDllInstance = 00000000_6E440000
cmd (26988): Storing my imports
cmd (26988): Hooking cmd.exe
cmd (26988): Hooking ntdll.dll
cmd (26988): Hooking KERNELBASE.dll
cmd (26988): Hooking msvcrt.dll
cmd (26988): Hooking WINBRAND.dll
cmd (26988): Hooking USER32.dll
cmd (26988): Hooking GDI32.dll
cmd (26988): Hooking LPK.dll
cmd (26988): Hooking USP10.dll
cmd (26988): Hooking IMM32.DLL
cmd (26988): Hooking MSCTF.dll
cmd (26988): Hooking apphelp.dll
cmd (26988): Hooking completed
cmd (26988): Injection detected
cmd (26988): Hooking completed
ansicon (26584): Terminating
ansicon (26584): Unhooking ansicon.exe
ansicon (26584): Unhooking ntdll.dll
ansicon (26584): Unhooking KERNELBASE.dll
ansicon (26584): Unhooking msvcrt.dll
ansicon (26584): Unhooking ADVAPI32.dll
ansicon (26584): Unhooking sechost.dll
ansicon (26584): Unhooking RPCRT4.dll
ansicon (26584): Unhooking completed
cmd (26988): Terminating
cmd (26988): Unhooking cmd.exe
cmd (26988): Unhooking ntdll.dll
cmd (26988): Unhooking KERNELBASE.dll
cmd (26988): Unhooking msvcrt.dll
cmd (26988): Unhooking WINBRAND.dll
cmd (26988): Unhooking USER32.dll
cmd (26988): Unhooking GDI32.dll
cmd (26988): Unhooking LPK.dll
cmd (26988): Unhooking USP10.dll
cmd (26988): Unhooking IMM32.DLL
cmd (26988): Unhooking MSCTF.dll
cmd (26988): Unhooking apphelp.dll
cmd (26988): Unhooking completed
ansicon (24260): hDllInstance = 00000000_6E440000
ansicon (24260): Storing my imports
ansicon (24260): Hooking ansicon.exe
ansicon (24260): Hooking ntdll.dll
ansicon (24260): Hooking KERNELBASE.dll
ansicon (24260): Hooking msvcrt.dll
ansicon (24260): Hooking ADVAPI32.dll
ansicon (24260): Hooking sechost.dll
ansicon (24260): Hooking RPCRT4.dll
ansicon (24260): Hooking completed
========================================================================
ANSICON (64-bit) v1.88 log (10) started 2019-04-19 9:22:02
ansicon (24260): Parent = cmd.exe (23080)
cmd (23080): hDllInstance = 00000000_6E440000
cmd (23080): Storing my imports
cmd (23080): Hooking cmd.exe
cmd (23080): Hooking ntdll.dll
cmd (23080): Hooking KERNELBASE.dll
cmd (23080): Hooking msvcrt.dll
cmd (23080): Hooking WINBRAND.dll
cmd (23080): Hooking USER32.dll
cmd (23080): Hooking GDI32.dll
cmd (23080): Hooking LPK.dll
cmd (23080): Hooking USP10.dll
cmd (23080): Hooking IMM32.DLL
cmd (23080): Hooking MSCTF.dll
cmd (23080): Hooking apphelp.dll
cmd (23080): Hooking completed
cmd (23080): Injection detected
cmd (23080): Hooking completed
ansicon (24260): Terminating
ansicon (24260): Unhooking ansicon.exe
ansicon (24260): Unhooking ntdll.dll
ansicon (24260): Unhooking KERNELBASE.dll
ansicon (24260): Unhooking msvcrt.dll
ansicon (24260): Unhooking ADVAPI32.dll
ansicon (24260): Unhooking sechost.dll
ansicon (24260): Unhooking RPCRT4.dll
ansicon (24260): Unhooking completed
cmd (23080): LoadLibraryExA "USER32.dll"
cmd (23080): Hooking completed