Wine log of Super Cute Alien version 46 #146216

sca.log version 46

0022:fixme:ver:GetCurrentPackageId (0x109fecc (nil)): stub
002d:fixme:win:RegisterDeviceNotificationW (hwnd=0x1004e, filter=0x1a3fdc0,flags=0x00000000) returns a fake device notification handle!
0009:fixme:win:RegisterTouchWindow (0x10050 00000003): stub
0009:fixme:wgl:X11DRV_wglChoosePixelFormatARB unused pfAttribFList
0009:fixme:imm:ImmReleaseContext (0x10050, 0x1f5498): stub
0009:fixme:msctf:ThreadMgr_ActivateEx Unimplemented flags 0x4
0009:fixme:msctf:ThreadMgrSource_AdviseSink (0x1f5400) Unhandled Sink: {ea1ea136-19df-11d7-a6d2-00065b84435c}
0009:fixme:imm:NotifyIME NI_CLOSECANDIDATE
0009:fixme:msctf:ThreadMgrSource_AdviseSink (0x1f5400) Unhandled Sink: {ea1ea136-19df-11d7-a6d2-00065b84435c}
0031:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),0,3,(nil),0,(nil)) - stub!
0035:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),0,3,(nil),0,(nil)) - stub!
0037:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),0,3,(nil),0,(nil)) - stub!
Main.hx:166: CPU: unknown


Main.hx:167: GPU: unknown


0009:fixme:ver:GetCurrentPackageId (0x33f5a8 (nil)): stub
FLS.hx:186: 
:: DjFlixel v0.3
:: HaxeFlixel app, 0.1
:: ----------------------------

FLS.hx:249: Desktop Target .. Initializing Filters.
FLS.hx:200: Initializing Sounds.
SND.hx:115: :: Loading sounds from JSON node --
FLS.hx:206: Initializing Controls.
CTRL.hx:103: Info: Initializing Controls.
CTRL.hx:173: Info: Controller not found
FlxState.hx:180: on resize, 1024:576
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/ak1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/miscellaneous_5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/refusal_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/greeting_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/impact3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie28.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/greeting_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/shouting_4.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/confirmation_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/farewell_5.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/shouting_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/damage_8.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/farewell_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/miscellaneous_3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/death_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/grunting_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/confirmation_6.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/completion_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/damage_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie21.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/miscellaneous_15.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/refusal_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/Riccochet3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/dialog/fita5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/miscellaneous_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/farewell_8.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/shouting_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns/molotov_fire.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/music_versus2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/head_rip.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/player/land_metal.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/farewell_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/completion_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/death_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/player/step_grass3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/ghost.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/refusal_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/bass.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/completion_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/grunting_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/damage_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/prepare_yourself.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/refusal_8.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/shell1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/refusal_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/chainsaw_guts.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/bullettime.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/miscellaneous_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/clown5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/damage_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/player/new_step5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/miscellaneous_13.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/greeting_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/damage_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/damage_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/damage_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/farewell_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/completion_6.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/death_6.wav"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/loser.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/farewell_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/refusal_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/greeting_4.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/completion_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/it's_a_tie.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_6.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/player/sword_pick2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie25.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/miscellaneous_15.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/miscellaneous_19.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/shouting_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/confirmation_6.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/farewell_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/miscellaneous_17.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns/grenade_hit1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/death_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/confirmation_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/damage_5.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/confirmation_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/miscellaneous_12.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns/reload.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns/bullet_hit1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/miscellaneous_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/farewell_5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/refusal_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/completion_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/damage_8.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/confirmation_5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/player/headshot.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_14.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/knock.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/round_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns/Riccochet4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/death_4.wav"
Sound.hx:119: Error: Could not load "assets/sounds/alien/alien4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/damage_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/confirmation_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/miscellaneous_17.wav"
Sound.hx:119: Error: Could not load "assets/sounds/slice.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/you_win.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/laser.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/grunting_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/damage_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/damage_5.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/shotty.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/death_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/miscellaneous_6.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/clown2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/refusal_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/player/new_step2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/shouting_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/greeting_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/miscellaneous_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/death_7.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/player/scream6.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns/impact1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/miscellaneous_19.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/shouting_5.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/farewell_6.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/completion_3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/confirmation_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/grunting_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/damage_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/farewell_4.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/jump_3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/grunting_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/larv/19.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/confirmation_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/completion_4.wav"
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
ErroSound.hx:119: Error: Could not load "assets/sounds/speech/male1/farewell_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/grunting_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/confirmation_6.wav"
Sound.hx:119: Error: Could not load "assets/sounds/physics/glass_impact6.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/miscellaneous_16.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/confirmation_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/dialog/fita6.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/miscellaneous_4.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/farewell_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/larv/4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/damage_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/greeting_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/music_versus3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/explosion_small.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/farewell_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/alien/alien8.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/player/step_grass4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/refusal_3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/alien/alien10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/completion_4.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/damage_5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/damage_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_11.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/round_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns/Riccochet1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_4.wav"
Sound.hx:119: Error: Could not load "assets/sounds/alien/alien1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/jump_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/shouting_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/refusal_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/miscellaneous_14.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns/fireloop.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/refusal_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/damage_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/greeting_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/death_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns/shell4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/farewell_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/refusal_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/-zombie/monster_growl_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/completion_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/completion_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/impact1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_7.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie26.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/bullettime.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/shouting_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/refusal_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/confirmation_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/farewell_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/farewell_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/miscellaneous_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/you_lose.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/type01.mp3"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/confirmation_4.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/completion_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/refusal_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/shouting_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/cursor_tick.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/miscellaneous_13.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/shouting_7.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/clown_death3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/miscellaneous_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/farewell_6.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/confirmation_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/championship_mode.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/completion_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/completion_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/-zombie/monster_scream_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/grunting_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie19.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/miscellaneous_16.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/dialog/dynamic/level5/aed5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/round_5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_4.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/damage_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/confirmation_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/miscellaneous_17.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/jump_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/dialog/dynamic/level3/aed5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/completion_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/grunting_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/refusal_6.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie12.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns/fire.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/larv/20.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/type02.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/miscellaneous_7.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/birds.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/miscellaneous_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/greeting_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/player/die2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/grunting_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/shouting_6.wav"
Sound.hx:119: Error: Could not load "assets/sounds/footsteps/dirt3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/farewell_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/completion_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/death_4.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/shouting_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/farewell_5.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/grunting_3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/-zombie/monster_growl_6.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/confirmation_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/completion_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/farewell_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/completion_5.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/shouting_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie23.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/miscellaneous_14.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_16.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns/weapon8.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/Riccochet5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/dialog/fita7.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/miscellaneous_5.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/shouting_7.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/confirmation_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/damage_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/death_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/thunder.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/completion_8.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/shouting_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_19.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/greeting_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/farewell_3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/alien/alien9.ogg"
r after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error opening sound file, unsupported type.
Error opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
ESound.hx:119: Error: Could not load "assets/sounds/speech/female2/refusal_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/confirmation_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/completion_5.wav"
Sound.hx:119: Error: Could not load "assets/sounds/player/step_water1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/damage_6.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie16.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/miscellaneous_13.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/vehicle/jump.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/round_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_5.wav"
Sound.hx:119: Error: Could not load "assets/sounds/alien/alien2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/jump_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns/FLESH1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/dialog/dialog2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/miscellaneous_14.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/grunting_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/jump_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/vehicle/squeak2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/death_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/death_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/refusal_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/grunting_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/farewell_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/tie.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie8.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/greeting_6.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/completion_5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/completion_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_8.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/grunting_6.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/vox/multikill.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/shouting_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/confirmation_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/completion_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/completion_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/shouting_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/confirmation_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/miscellaneous_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/miscellaneous_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/jump_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/type02.mp3"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/confirmation_6.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/farewell_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/completion_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/damage_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie20.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_13.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/-zombie/monster_growl_12.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/vehicle/drone_idle.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/Riccochet2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/farewell_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/miscellaneous_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/farewell_7.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/refusal_8.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/fight.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/physics/box_impact1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/miscellaneous_17.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/player/step_metal5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/refusal_8.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/confirmation_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_5.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/confirmation_3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/miscellaneous_15.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/miscellaneous_18.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/refusal_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/confirmation_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/completion_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/damage_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/grunting_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/refusal_7.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/death_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/miscellaneous_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns/pistol.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/tie_breaker.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/molotov_detonate_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/death_5.wav"
Sound.hx:119: Error: Could not load "assets/sounds/player/new_step4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/miscellaneous_11.wav"
Sound.hx:119: Error: Could not load "assets/sounds/physics/bodyhit4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/death_9.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/player/die3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/guns/metal3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/shouting_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/footsteps/dirt4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/farewell_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/completion_5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/death_5.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns/shell2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/farewell_6.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/grunting_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/greeting_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/completion_2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/completion_6.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/player/sword_pick1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/preddy/taunt.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/miscellaneous_15.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_17.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/grunting_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/farewell_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/confirmation_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/death_10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/miscellaneous_16.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/death_5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/shouting_8.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/confirmation_3.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/damage_4.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/refusal_8.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/physics/box_impact5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/grunting_10.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/shouting_3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/clown_death1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/farewell_4.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/death_1.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/miscellaneous_19.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/refusal_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/refusal_5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/confirmation_5.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/completion_6.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/grunting_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie17.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/miscellaneous_14.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/final.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/announcer/round_3.ogg"
rror after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error opening sound file, unsupported type.
Error opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound datSound.hx:119: Error: Could not load "assets/sounds/speech/male1/miscellaneous_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/death_6.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/glock.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male3/damage_7.wav"
Sound.hx:119: Error: Could not load "assets/sounds/rollover2.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male2/miscellaneous_15.wav"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female2/jump_1.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/chainsaw_start.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/male1/jump_2.wav"
Sound.hx:119: Error: Could not load "assets/sounds/vehicle/squeak3.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/zombie/zombie10.ogg"
Sound.hx:119: Error: Could not load "assets/sounds/speech/female1/death_9.wav"
Sound.hx:119: Error: Could not load "assets/sounds/guns_slowmo/molotov_detonate_1.ogg"
StateInit.hx:151: wont check date now
Registry.hx:302: already played today
Registry.hx:321: today is Thursday
Registry.hx:340: owned_weapons restored from save []
Registry.hx:371: Registry.init()
Utils.hx:861: fade from
FlxMenu.hx:284: Warning: Can't find element with SID "extra" on page "options"
FlxState.hx:180: on resize, 1366:768
StateMenu.hx:601: SETENTIA [17 waves]
Utils.hx:861: fade from
StateLevels.hx:101: level set
StateGameplay.hx:586: level is 1
StateGameplay.hx:656: game world is ,1
StateGameplay.hx:657: level is ,5
TiledLevel.hx:568: players extra: 0
TiledLevel.hx:1602: added slow to play: 
TiledLevel.hx:1602: added slow to play: 
TiledLevel.hx:1602: added slow to play: 
TiledLevel.hx:1602: added slow to play: 
TiledLevel.hx:1602: added larv to play: 
TiledLevel.hx:1969: added ent to make follow larv
TiledLevel.hx:857: time is now 9
TiledLevel.hx:1602: added blue to play: happy
TiledLevel.hx:1969: added ent to make follow slow
TiledLevel.hx:1803: kill_after_play
TiledLevel.hx:1816: added ship to play: fly_off
TiledLevel.hx:1492: added ent to change goal
TiledLevel.hx:1509: added ent to add  quests
TiledLevel.hx:1526: added ent to remove quests
TiledLevel.hx:1509: added ent to add  quests
TiledLevel.hx:1526: added ent to remove quests
TiledLevel.hx:1509: added ent to add  quests
TiledLevel.hx:1526: added ent to remove quests
TiledLevel.hx:1526: added ent to remove quests
TiledLevel.hx:1509: added ent to add  quests
StateGameplay.hx:1098: * PHYSICS ENABLED * [tiles converted]
StateGameplay.hx:1103: ********** USE_LOCAL_FOLDERS ENABLED **********
Registry.hx:698: applying customization data: [[alien/masks/fito,alien/eyes/1,-4263316,true,false],[alien/masks/fito,alien/eyes/1,-1],[alien/masks/fito,alien/eyes/1,-1],[alien/masks/fito,alien/eyes/1,-1]]
Utils.hx:861: fade from
SpineSprite.hx:432: client folder set to: female2
StateMenu.hx:558: ssl=1&fexp=23710476,23718325,23726563,23727264,23735277,23735347,23736685,23744176,23749360,23751767,23752869,23755886,23755898,23758087,23758120,23758255,23760558,23761607,23762649,23764742,23769703,23774272,23777630,23779398,23780479,23784900,23785334,23788364,23788841,23790938,23794531,23794762,23795554,23796458,23796777,23797030,23797552,23797552,23797625,23797844,23798241,23798785,23800353,23801272,23801312,9407156,9449243,9471235,9475659&fmt_list=22/1280x720,43/640x360,18/640x360&innertube_api_key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8&title=SUPER Cute Alien | Best Multiplayer frags - November-January&host_language=id&csn=V7uJXM29DqSkz7sP47-rWA&player_response={"playabilityStatus":{"status":"OK","playableInEmbed":true},"streamingData":{"expiresInSeconds":"21540","formats":[{"itag":18,"url":"https://r2---sn-2uuxa3vh-n0c6.googlevideo.com/videoplayback?expire=1552551863\u0026gir=yes\u0026pcm2=no\u0026fvip=2\u0026pcm2cms=yes\u0026pl=22\u0026requiressl=yes\u0026txp=2211222\u0026ipbits=0\u0026mime=video%2Fmp4\u0026key=yt6\u0026itag=18\u0026clen=23669770\u0026lmt=1548201842003789\u0026signature=C8639481E1A87CA6DD43AA279CBE0D8F1496A102.62C9C5D4A20348127716031F24689AF465CD6922\u0026ratebypass=yes\u0026c=WEB\u0026mm=31%2C29\u0026source=youtube\u0026mn=sn-2uuxa3vh-n0c6%2Csn-npoe7nek\u0026mt=1552530118\u0026mv=m\u0026ms=au%2Crdu\u0026dur=269.165\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026ip=110.138.99.49\u0026initcwndbps=241250\u0026id=o-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP\u0026sparams=clen%2Cdur%2Cei%2Cgir%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Clmt%2Cmime%2Cmm%2Cmn%2Cms%2Cmv%2Cpcm2%2Cpcm2cms%2Cpl%2Cratebypass%2Crequiressl%2Csource%2Cexpire","mimeType":"video/mp4; codecs=\"avc1.42001E, mp4a.40.2\"","bitrate":703669,"width":640,"height":360,"lastModified":"1548201842003789","contentLength":"23669770","quality":"medium","qualityLabel":"360p","projectionType":"RECTANGULAR","averageBitrate":703502,"audioQuality":"AUDIO_QUALITY_LOW","approxDurationMs":"269165","audioSampleRate":"44100"},{"itag":22,"url":"https://r2---sn-2uuxa3vh-n0c6.googlevideo.com/videoplayback?expire=1552551863\u0026pcm2=no\u0026fvip=2\u0026pcm2cms=yes\u0026pl=22\u0026requiressl=yes\u0026txp=2211222\u0026ipbits=0\u0026mime=video%2Fmp4\u0026key=yt6\u0026itag=22\u0026lmt=1548202203505602\u0026signature=19507461BC62E39F1462B46B34DEDB0175BBBAAE.91A2E432C45122C21E9E61F8A791AD4A936406D6\u0026ratebypass=yes\u0026c=WEB\u0026mm=31%2C29\u0026source=youtube\u0026mn=sn-2uuxa3vh-n0c6%2Csn-npoe7nek\u0026mt=1552530118\u0026mv=m\u0026ms=au%2Crdu\u0026dur=269.165\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026ip=110.138.99.49\u0026initcwndbps=241250\u0026id=o-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP\u0026sparams=dur%2Cei%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Clmt%2Cmime%2Cmm%2Cmn%2Cms%2Cmv%2Cpcm2%2Cpcm2cms%2Cpl%2Cratebypass%2Crequiressl%2Csource%2Cexpire","mimeType":"video/mp4; codecs=\"avc1.64001F, mp4a.40.2\"","bitrate":2361399,"width":1280,"height":720,"lastModified":"1548202203505602","quality":"hd720","qualityLabel":"720p","projectionType":"RECTANGULAR","audioQuality":"AUDIO_QUALITY_MEDIUM","approxDurationMs":"269165","audioSampleRate":"44100"},{"itag":43,"url":"https://r2---sn-2uuxa3vh-n0c6.googlevideo.com/videoplayback?expire=1552551863\u0026gir=yes\u0026pcm2=no\u0026fvip=2\u0026pcm2cms=yes\u0026pl=22\u0026requiressl=yes\u0026txp=2201222\u0026ipbits=0\u0026mime=video%2Fwebm\u0026key=yt6\u0026itag=43\u0026clen=26833856\u0026lmt=1548208157576812\u0026signature=E3B9E7D6F7B548DD075F3E2A8118627EF926A0BB.7EC5EC64F6B89DA9662CA7146D64AF548F21184C\u0026ratebypass=yes\u0026c=WEB\u0026mm=31%2C29\u0026source=youtube\u0026mn=sn-2uuxa3vh-n0c6%2Csn-npoe7nek\u0026mt=1552530118\u0026mv=m\u0026ms=au%2Crdu\u0026dur=0.000\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026ip=110.138.99.49\u0026initcwndbps=241250\u0026id=o-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP\u0026sparams=clen%2Cdur%2Cei%2Cgir%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Clmt%2Cmime%2Cmm%2Cmn%2Cms%2Cmv%2Cpcm2%2Cpcm2cms%2Cpl%2Cratebypass%2Crequiressl%2Csource%2Cexpire","mimeType":"video/webm; codecs=\"vp8.0, vorbis\"","bitrate":2147483647,"width":640,"height":360,"lastModified":"1548208157576812","contentLength":"26833856","quality":"medium","qualityLabel":"360p","projectionType":"RECTANGULAR","audioQuality":"AUDIO_QUALITY_MEDIUM"}],"adaptiveFormats":[{"itag":137,"url":"https://r2---sn-2uuxa3vh-n0c6.googlevideo.com/videoplayback?expire=1552551863\u0026pcm2=no\u0026fvip=2\u0026pcm2cms=yes\u0026pl=22\u0026keepalive=yes\u0026requiressl=yes\u0026ipbits=0\u0026mime=video%2Fmp4\u0026key=yt6\u0026itag=137\u0026otf=1\u0026aitags=133%2C134%2C135%2C136%2C137%2C160%2C298%2C299\u0026otfp=1\u0026lmt=1548201954930546\u0026signature=0A37EBA0C90FCF7BEAA64FDB5C8EEC9C2884EC83.7A851BDC2DFCEFBAEA2D975F6D16FCFC10321973\u0026c=WEB\u0026mm=31%2C29\u0026source=yt_otf\u0026mn=sn-2uuxa3vh-n0c6%2Csn-npoe7nek\u0026mt=1552530118\u0026mv=m\u0026ms=au%2Crdu\u0026dur=0.000\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026ip=110.138.99.49\u0026initcwndbps=241250\u0026id=o-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP\u0026sparams=aitags%2Cdur%2Cei%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Ckeepalive%2Clmt%2Cmime%2Cmm%2Cmn%2Cms%2Cmv%2Cotf%2Cotfp%2Cpcm2%2Cpcm2cms%2Cpl%2Crequiressl%2Csource%2Cexpire","mimeType":"video/mp4; codecs=\"avc1.64001e\"","bitrate":4331250,"width":1920,"height":1080,"lastModified":"1548201954930546","quality":"hd1080","fps":30,"qualityLabel":"1080p","projectionType":"RECTANGULAR","type":"FORMAT_STREAM_TYPE_OTF"},{"itag":299,"url":"https://r2---sn-2uuxa3vh-n0c6.googlevideo.com/videoplayback?expire=1552551863\u0026gir=yes\u0026pcm2=no\u0026fvip=2\u0026pcm2cms=yes\u0026pl=22\u0026keepalive=yes\u0026requiressl=yes\u0026txp=2211222\u0026ipbits=0\u0026mime=video%2Fmp4\u0026key=yt6\u0026itag=299\u0026aitags=133%2C134%2C135%2C136%2C137%2C160%2C298%2C299\u0026clen=169340157\u0026otfp=1\u0026lmt=1548201954930546\u0026signature=3AD72026F89B78A67E5CE51E65B112D5AAD03C04.359427DB7D9062613DAA648EB9F2298EAA6D2955\u0026c=WEB\u0026mm=31%2C29\u0026source=youtube\u0026mn=sn-2uuxa3vh-n0c6%2Csn-npoe7nek\u0026mt=1552530118\u0026mv=m\u0026ms=au%2Crdu\u0026dur=269.118\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026ip=110.138.99.49\u0026initcwndbps=241250\u0026id=o-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP\u0026sparams=aitags%2Cclen%2Cdur%2Cei%2Cgir%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Ckeepalive%2Clmt%2Cmime%2Cmm%2Cmn%2Cms%2Cmv%2Cotfp%2Cpcm2%2Cpcm2cms%2Cpl%2Crequiressl%2Csource%2Cexpire","mimeType":"video/mp4; codecs=\"avc1.64002a\"","bitrate":6817222,"width":1920,"height":1080,"initRange":{"start":"0","end":"764"},"indexRange":{"start":"765","end":"1432"},"lastModified":"1548201954930546","contentLength":"169340157","quality":"hd1080","fps":60,"qualityLabel":"1080p60","projectionType":"RECTANGULAR","averageBitrate":5033930,"approxDurationMs":"269118"},{"itag":136,"url":"https://r2---sn-2uuxa3vh-n0c6.googlevideo.com/videoplayback?expire=1552551863\u0026pcm2=no\u0026fvip=2\u0026pcm2cms=yes\u0026pl=22\u0026keepalive=yes\u0026requiressl=yes\u0026ipbits=0\u0026mime=video%2Fmp4\u0026key=yt6\u0026itag=136\u0026otf=1\u0026aitags=133%2C134%2C135%2C136%2C137%2C160%2C298%2C299\u0026otfp=1\u0026lmt=1548201954930546\u0026signature=199537C0F8C1F2905B5188C5CD57FFBF2328F409.C69BEA1168EEF458284A4D011C2FFB4ADF659EC1\u0026c=WEB\u0026mm=31%2C29\u0026source=yt_otf\u0026mn=sn-2uuxa3vh-n0c6%2Csn-npoe7nek\u0026mt=1552530118\u0026mv=m\u0026ms=au%2Crdu\u0026dur=0.000\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026ip=110.138.99.49\u0026initcwndbps=241250\u0026id=o-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP\u0026sparams=aitags%2Cdur%2Cei%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Ckeepalive%2Clmt%2Cmime%2Cmm%2Cmn%2Cms%2Cmv%2Cotf%2Cotfp%2Cpcm2%2Cpcm2cms%2Cpl%2Crequiressl%2Csource%2Cexpire","mimeType":"video/mp4; codecs=\"avc1.4d4016\"","bitrate":2310000,"width":1280,"height":720,"lastModified":"1548201954930546","quality":"hd720","fps":30,"qualityLabel":"720p","projectionType":"RECTANGULAR","type":"FORMAT_STREAM_TYPE_OTF"},{"itag":298,"url":"https://r2---sn-2uuxa3vh-n0c6.googlevideo.com/videoplayback?expire=1552551863\u0026pcm2=no\u0026fvip=2\u0026pcm2cms=yes\u0026pl=22\u0026keepalive=yes\u0026requiressl=yes\u0026ipbits=0\u0026mime=video%2Fmp4\u0026key=yt6\u0026itag=298\u0026otf=1\u0026aitags=133%2C134%2C135%2C136%2C137%2C160%2C298%2C299\u0026otfp=1\u0026lmt=1548201954930546\u0026signature=34F029B87CD08A13A81D80E9AA071913C685136A.9514268C14309A0AF5DED74A38FAD22EF636AF7D\u0026c=WEB\u0026mm=31%2C29\u0026source=yt_otf\u0026mn=sn-2uuxa3vh-n0c6%2Csn-npoe7nek\u0026mt=1552530118\u0026mv=m\u0026ms=au%2Crdu\u0026dur=0.000\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026ip=110.138.99.49\u0026initcwndbps=241250\u0026id=o-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP\u0026sparams=aitags%2Cdur%2Cei%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Ckeepalive%2Clmt%2Cmime%2Cmm%2Cmn%2Cms%2Cmv%2Cotf%2Cotfp%2Cpcm2%2Cpcm2cms%2Cpl%2Crequiressl%2Csource%2Cexpire","mimeType":"video/mp4; codecs=\"avc1.4d4016\"","bitrate":3465000,"width":1280,"height":720,"lastModified":"1548201954930546","quality":"hd720","fps":60,"qualityLabel":"720p60","projectionType":"RECTANGULAR","type":"FORMAT_STREAM_TYPE_OTF"},{"itag":135,"url":"https://r2---sn-2uuxa3vh-n0c6.googlevideo.com/videoplayback?expire=1552551863\u0026pcm2=no\u0026fvip=2\u0026pcm2cms=yes\u0026pl=22\u0026keepalive=yes\u0026requiressl=yes\u0026ipbits=0\u0026mime=video%2Fmp4\u0026key=yt6\u0026itag=135\u0026otf=1\u0026aitags=133%2C134%2C135%2C136%2C137%2C160%2C298%2C299\u0026otfp=1\u0026lmt=1548201954930546\u0026signature=0634C6FE3F30DCEBB4A35A2B19527199FA4B66DA.C6E5090137B0BB9896EBFF72585A6DDD683BC4F1\u0026c=WEB\u0026mm=31%2C29\u0026source=yt_otf\u0026mn=sn-2uuxa3vh-n0c6%2Csn-npoe7nek\u0026mt=1552530118\u0026mv=m\u0026ms=au%2Crdu\u0026dur=0.000\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026ip=110.138.99.49\u0026initcwndbps=241250\u0026id=o-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP\u0026sparams=aitags%2Cdur%2Cei%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Ckeepalive%2Clmt%2Cmime%2Cmm%2Cmn%2Cms%2Cmv%2Cotf%2Cotfp%2Cpcm2%2Cpcm2cms%2Cpl%2Crequiressl%2Csource%2Cexpire","mimeType":"video/mp4; codecs=\"avc1.4d4014\"","bitrate":1155000,"width":854,"height":480,"lastModified":"1548201954930546","quality":"large","fps":30,"qualityLabel":"480p","projectionType":"RECTANGULAR","type":"FORMAT_STREAM_TYPE_OTF"},{"itag":134,"url":"https://r2---sn-2uuxa3vh-n0c6.googlevideo.com/videoplayback?expire=1552551863\u0026gir=yes\u0026pcm2=no\u0026fvip=2\u0026pcm2cms=yes\u0026pl=22\u0026keepalive=yes\u0026requiressl=yes\u0026txp=2211222\u0026ipbits=0\u0026mime=video%2Fmp4\u0026key=yt6\u0026itag=134\u0026aitags=133%2C134%2C135%2C136%2C137%2C160%2C298%2C299\u0026clen=19846335\u0026otfp=1\u0026lmt=1548201954638031\u0026signature=47687AD6BED593DBC8841F525D649822E5CD50E0.65D559FC06C7A4D6472377A2F8C68D1F81876737\u0026c=WEB\u0026mm=31%2C29\u0026source=youtube\u0026mn=sn-2uuxa3vh-n0c6%2Csn-npoe7nek\u0026mt=1552530118\u0026mv=m\u0026ms=au%2Crdu\u0026dur=269.102\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026ip=110.138.99.49\u0026initcwndbps=241250\u0026id=o-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP\u0026sparams=aitags%2Cclen%2Cdur%2Cei%2Cgir%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Ckeepalive%2Clmt%2Cmime%2Cmm%2Cmn%2Cms%2Cmv%2Cotfp%2Cpcm2%2Cpcm2cms%2Cpl%2Crequiressl%2Csource%2Cexpire","mimeType":"video/mp4; codecs=\"avc1.4d401e\"","bitrate":697411,"width":640,"height":360,"initRange":{"start":"0","end":"763"},"indexRange":{"start":"764","end":"1431"},"lastModified":"1548201954638031","contentLength":"19846335","quality":"medium","fps":30,"qualityLabel":"360p","projectionType":"RECTANGULAR","averageBitrate":590001,"highReplication":true,"approxDurationMs":"269102"},{"itag":133,"url":"https://r2---sn-2uuxa3vh-n0c6.googlevideo.com/videoplayback?expire=1552551863\u0026pcm2=no\u0026fvip=2\u0026pcm2cms=yes\u0026pl=22\u0026keepalive=yes\u0026requiressl=yes\u0026ipbits=0\u0026mime=video%2Fmp4\u0026key=yt6\u0026itag=133\u0026otf=1\u0026aitags=133%2C134%2C135%2C136%2C137%2C160%2C298%2C299\u0026otfp=1\u0026lmt=1548201954930546\u0026signature=3B274F545DC8E6A11A2E4260329B0A906355E0B6.850976BFFB647FA83CED061E2B518AE2EA39E72D\u0026c=WEB\u0026mm=31%2C29\u0026source=yt_otf\u0026mn=sn-2uuxa3vh-n0c6%2Csn-npoe7nek\u0026mt=1552530118\u0026mv=m\u0026ms=au%2Crdu\u0026dur=0.000\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026ip=110.138.99.49\u0026initcwndbps=241250\u0026id=o-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP\u0026sparams=aitags%2Cdur%2Cei%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Ckeepalive%2Clmt%2Cmime%2Cmm%2Cmn%2Cms%2Cmv%2Cotf%2Cotfp%2Cpcm2%2Cpcm2cms%2Cpl%2Crequiressl%2Csource%2Cexpire","mimeType":"video/mp4; codecs=\"avc1.4d400c\"","bitrate":242000,"width":426,"height":240,"lastModified":"1548201954930546","quality":"small","fps":30,"qualityLabel":"240p","projectionType":"RECTANGULAR","type":"FORMAT_STREAM_TYPE_OTF"},{"itag":160,"url":"https://r2---sn-2uuxa3vh-n0c6.googlevideo.com/videoplayback?expire=1552551863\u0026pcm2=no\u0026fvip=2\u0026pcm2cms=yes\u0026pl=22\u0026keepalive=yes\u0026requiressl=yes\u0026ipbits=0\u0026mime=video%2Fmp4\u0026key=yt6\u0026itag=160\u0026otf=1\u0026aitags=133%2C134%2C135%2C136%2C137%2C160%2C298%2C299\u0026otfp=1\u0026lmt=1548201954930546\u0026signature=680E5E5EAF5A4579F38973AE4A094E3E838948D8.5EC3C4B089BD14551B57166556DC29CB1440AA50\u0026c=WEB\u0026mm=31%2C29\u0026source=yt_otf\u0026mn=sn-2uuxa3vh-n0c6%2Csn-npoe7nek\u0026mt=1552530118\u0026mv=m\u0026ms=au%2Crdu\u0026dur=0.000\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026ip=110.138.99.49\u0026initcwndbps=241250\u0026id=o-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP\u0026sparams=aitags%2Cdur%2Cei%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Ckeepalive%2Clmt%2Cmime%2Cmm%2Cmn%2Cms%2Cmv%2Cotf%2Cotfp%2Cpcm2%2Cpcm2cms%2Cpl%2Crequiressl%2Csource%2Cexpire","mimeType":"video/mp4; codecs=\"avc1.4d400b\"","bitrate":108000,"width":256,"height":144,"lastModified":"1548201954930546","quality":"tiny","fps":30,"qualityLabel":"144p","projectionType":"RECTANGULAR","type":"FORMAT_STREAM_TYPE_OTF"},{"itag":140,"url":"https://r2---sn-2uuxa3vh-n0c6.googlevideo.com/videoplayback?expire=1552551863\u0026gir=yes\u0026pcm2=no\u0026fvip=2\u0026pcm2cms=yes\u0026pl=22\u0026keepalive=yes\u0026requiressl=yes\u0026txp=2211222\u0026ipbits=0\u0026mime=audio%2Fmp4\u0026key=yt6\u0026itag=140\u0026clen=4357082\u0026otfp=1\u0026lmt=1548202030599856\u0026signature=9C9071BF54FD1F2B27F45C3B216E85EEF906201C.9395DD2F8DCB49568D70668FAB5C082023C561E1\u0026c=WEB\u0026mm=31%2C29\u0026source=youtube\u0026mn=sn-2uuxa3vh-n0c6%2Csn-npoe7nek\u0026mt=1552530118\u0026mv=m\u0026ms=au%2Crdu\u0026dur=269.165\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026ip=110.138.99.49\u0026initcwndbps=241250\u0026id=o-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP\u0026sparams=clen%2Cdur%2Cei%2Cgir%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Ckeepalive%2Clmt%2Cmime%2Cmm%2Cmn%2Cms%2Cmv%2Cotfp%2Cpcm2%2Cpcm2cms%2Cpl%2Crequiressl%2Csource%2Cexpire","mimeType":"audio/mp4; codecs=\"mp4a.40.2\"","bitrate":130623,"initRange":{"start":"0","end":"655"},"indexRange":{"start":"656","end":"1011"},"lastModified":"1548202030599856","contentLength":"4357082","quality":"tiny","projectionType":"RECTANGULAR","averageBitrate":129499,"highReplication":true,"audioQuality":"AUDIO_QUALITY_MEDIUM","approxDurationMs":"269165","audioSampleRate":"44100"}],"dashManifestUrl":"https://manifest.googlevideo.com/api/manifest/dash/hfr/all/pcm2cms/yes/mm/31%2C29/source/youtube/mn/sn-2uuxa3vh-n0c6%2Csn-npoe7nek/mt/1552530118/mv/m/ms/au%2Crdu/pl/22/requiressl/yes/ipbits/0/ei/V7uJXM29DqSkz7sP47-rWA/playback_host/r2---sn-2uuxa3vh-n0c6.googlevideo.com/key/yt6/itag/0/initcwndbps/241250/as/fmp4_audio_clear%2Cfmp4_sd_hd_clear/fvip/2/ip/110.138.99.49/expire/1552551863/signature/3CC8D1BAC4FF916F339BD79643179713C05A05D5.C44A02DBF31BD45AD6879E3234E278C0C88905C2/id/3499393b8b2d9c13/sparams/as%2Cei%2Chfr%2Cid%2Cinitcwndbps%2Cip%2Cipbits%2Citag%2Cmm%2Cmn%2Cms%2Cmv%2Cpcm2cms%2Cpl%2Cplayback_host%2Crequiressl%2Csource%2Cexpire"},"playbackTracking":{"videostatsPlaybackUrl":{"baseUrl":"https://s.youtube.com/api/stats/playback?el=embedded\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026cl=238248702\u0026of=YOTSmvrPFrvEuSgkDL2p9w\u0026len=270\u0026fexp=23710476%2C23718325%2C23726563%2C23727264%2C23735277%2C23735347%2C23736685%2C23744176%2C23749360%2C23751767%2C23752869%2C23755886%2C23755898%2C23758087%2C23758120%2C23758255%2C23760558%2C23761607%2C23762649%2C23764742%2C23769703%2C23774272%2C23777630%2C23779398%2C23780479%2C23784900%2C23785334%2C23788364%2C23788841%2C23790938%2C23794531%2C23794762%2C23795554%2C23796458%2C23796777%2C23797030%2C23797552%2C23797552%2C23797625%2C23797844%2C23798241%2C23798785%2C23800353%2C23801272%2C23801312%2C9407156%2C9449243%2C9471235%2C9475659\u0026plid=AAWEBJ7ZlQPTctth\u0026vm=CAEQABgE\u0026docid=NJk5O4stnBM\u0026ns=yt"},"videostatsDelayplayUrl":{"baseUrl":"https://s.youtube.com/api/stats/delayplay?el=embedded\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026cl=238248702\u0026of=YOTSmvrPFrvEuSgkDL2p9w\u0026len=270\u0026fexp=23710476%2C23718325%2C23726563%2C23727264%2C23735277%2C23735347%2C23736685%2C23744176%2C23749360%2C23751767%2C23752869%2C23755886%2C23755898%2C23758087%2C23758120%2C23758255%2C23760558%2C23761607%2C23762649%2C23764742%2C23769703%2C23774272%2C23777630%2C23779398%2C23780479%2C23784900%2C23785334%2C23788364%2C23788841%2C23790938%2C23794531%2C23794762%2C23795554%2C23796458%2C23796777%2C23797030%2C23797552%2C23797552%2C23797625%2C23797844%2C23798241%2C23798785%2C23800353%2C23801272%2C23801312%2C9407156%2C9449243%2C9471235%2C9475659\u0026plid=AAWEBJ7ZlQPTctth\u0026vm=CAEQABgE\u0026docid=NJk5O4stnBM\u0026ns=yt"},"videostatsWatchtimeUrl":{"baseUrl":"https://s.youtube.com/api/stats/watchtime?el=embedded\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026cl=238248702\u0026of=YOTSmvrPFrvEuSgkDL2p9w\u0026len=270\u0026fexp=23710476%2C23718325%2C23726563%2C23727264%2C23735277%2C23735347%2C23736685%2C23744176%2C23749360%2C23751767%2C23752869%2C23755886%2C23755898%2C23758087%2C23758120%2C23758255%2C23760558%2C23761607%2C23762649%2C23764742%2C23769703%2C23774272%2C23777630%2C23779398%2C23780479%2C23784900%2C23785334%2C23788364%2C23788841%2C23790938%2C23794531%2C23794762%2C23795554%2C23796458%2C23796777%2C23797030%2C23797552%2C23797552%2C23797625%2C23797844%2C23798241%2C23798785%2C23800353%2C23801272%2C23801312%2C9407156%2C9449243%2C9471235%2C9475659\u0026plid=AAWEBJ7ZlQPTctth\u0026vm=CAEQABgE\u0026docid=NJk5O4stnBM\u0026ns=yt"},"ptrackingUrl":{"baseUrl":"https://www.youtube.com/ptracking?ei=V7uJXM29DqSkz7sP47-rWA\u0026plid=AAWEBJ7ZlQPTctth\u0026ptk=youtube_none\u0026pltype=contentugc\u0026video_id=NJk5O4stnBM"},"qoeUrl":{"baseUrl":"https://s.youtube.com/api/stats/qoe?cat=otfp\u0026ns=yt\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026event=streamingstats\u0026cl=238248702\u0026docid=NJk5O4stnBM\u0026fexp=23710476%2C23718325%2C23726563%2C23727264%2C23735277%2C23735347%2C23736685%2C23744176%2C23749360%2C23751767%2C23752869%2C23755886%2C23755898%2C23758087%2C23758120%2C23758255%2C23760558%2C23761607%2C23762649%2C23764742%2C23769703%2C23774272%2C23777630%2C23779398%2C23780479%2C23784900%2C23785334%2C23788364%2C23788841%2C23790938%2C23794531%2C23794762%2C23795554%2C23796458%2C23796777%2C23797030%2C23797552%2C23797552%2C23797625%2C23797844%2C23798241%2C23798785%2C23800353%2C23801272%2C23801312%2C9407156%2C9449243%2C9471235%2C9475659\u0026plid=AAWEBJ7ZlQPTctth"},"setAwesomeUrl":{"baseUrl":"https://www.youtube.com/set_awesome?plid=AAWEBJ7ZlQPTctth\u0026ei=V7uJXM29DqSkz7sP47-rWA\u0026video_id=NJk5O4stnBM","elapsedMediaTimeSeconds":120},"atrUrl":{"baseUrl":"https://s.youtube.com/api/stats/atr?ei=V7uJXM29DqSkz7sP47-rWA\u0026len=270\u0026plid=AAWEBJ7ZlQPTctth\u0026ver=2\u0026docid=NJk5O4stnBM\u0026ns=yt","elapsedMediaTimeSeconds":5}},"captions":{"playerCaptionsTracklistRenderer":{"captionTracks":[{"baseUrl":"https://www.youtube.com/api/timedtext?expire=1552555463\u0026xorp=True\u0026key=yttt1\u0026asr_langs=nl%2Cja%2Cpt%2Cen%2Cfr%2Cko%2Cit%2Cru%2Cde%2Ces\u0026hl=id\u0026sparams=asr_langs%2Ccaps%2Cv%2Cxoaf%2Cxorp%2Cexpire\u0026v=NJk5O4stnBM\u0026signature=05904A2E091E682CDDD7D8626EB5A5EB8248DD88.A9518E1CAA6126185061D5DAA5E180C0F8FC1B\u0026xoaf=1\u0026caps=asr\u0026kind=asr\u0026lang=en","name":{"simpleText":"Inggris (dibuat secara otomatis)"},"vssId":"a.en","languageCode":"en","kind":"asr","isTranslatable":true}],"audioTracks":[{"captionTrackIndices":[0],"visibility":"UNKNOWN"}],"translationLanguages":[{"languageCode":"af","languageName":{"simpleText":"Afrikaans"}},{"languageCode":"sq","languageName":{"simpleText":"Albania"}},{"languageCode":"am","languageName":{"simpleText":"Amharik"}},{"languageCode":"ar","languageName":{"simpleText":"Arab"}},{"languageCode":"hy","languageName":{"simpleText":"Armenia"}},{"languageCode":"az","languageName":{"simpleText":"Azerbaijani"}},{"languageCode":"eu","languageName":{"simpleText":"Basque"}},{"languageCode":"nl","languageName":{"simpleText":"Belanda"}},{"languageCode":"be","languageName":{"simpleText":"Belarusia"}},{"languageCode":"bn","languageName":{"simpleText":"Bengali"}},{"languageCode":"bs","languageName":{"simpleText":"Bosnia"}},{"languageCode":"bg","languageName":{"simpleText":"Bulgaria"}},{"languageCode":"my","languageName":{"simpleText":"Burma"}},{"languageCode":"ceb","languageName":{"simpleText":"Cebuano"}},{"languageCode":"cs","languageName":{"simpleText":"Cheska"}},{"languageCode":"da","languageName":{"simpleText":"Dansk"}},{"languageCode":"eo","languageName":{"simpleText":"Esperanto"}},{"languageCode":"et","languageName":{"simpleText":"Esti"}},{"languageCode":"fil","languageName":{"simpleText":"Filipino"}},{"languageCode":"fy","languageName":{"simpleText":"Frisia Barat"}},{"languageCode":"gd","languageName":{"simpleText":"Gaelik Skotlandia"}},{"languageCode":"gl","languageName":{"simpleText":"Galisia"}},{"languageCode":"ka","languageName":{"simpleText":"Georgia"}},{"languageCode":"gu","languageName":{"simpleText":"Gujarat"}},{"languageCode":"ha","languageName":{"simpleText":"Hausa"}},{"languageCode":"haw","languageName":{"simpleText":"Hawaii"}},{"languageCode":"hi","languageName":{"simpleText":"Hindi"}},{"languageCode":"hmn","languageName":{"simpleText":"Hmong"}},{"languageCode":"hu","languageName":{"simpleText":"Hungaria"}},{"languageCode":"iw","languageName":{"simpleText":"Ibrani"}},{"languageCode":"ig","languageName":{"simpleText":"Igbo"}},{"languageCode":"id","languageName":{"simpleText":"Indonesia"}},{"languageCode":"en","languageName":{"simpleText":"Inggris"}},{"languageCode":"ga","languageName":{"simpleText":"Irlandia"}},{"languageCode":"is","languageName":{"simpleText":"Islandia"}},{"languageCode":"it","languageName":{"simpleText":"Italia"}},{"languageCode":"jv","languageName":{"simpleText":"Jawa"}},{"languageCode":"ja","languageName":{"simpleText":"Jepang"}},{"languageCode":"de","languageName":{"simpleText":"Jerman"}},{"languageCode":"kn","languageName":{"simpleText":"Kannada"}},{"languageCode":"ca","languageName":{"simpleText":"Katalan"}},{"languageCode":"kk","languageName":{"simpleText":"Kazakh"}},{"languageCode":"km","languageName":{"simpleText":"Khmer"}},{"languageCode":"ky","languageName":{"simpleText":"Kirgiz"}},{"languageCode":"ko","languageName":{"simpleText":"Korea"}},{"languageCode":"co","languageName":{"simpleText":"Korsika"}},{"languageCode":"ht","languageName":{"simpleText":"Kreol Haiti"}},{"languageCode":"hr","languageName":{"simpleText":"Kroasia"}},{"languageCode":"ku","languageName":{"simpleText":"Kurdi"}},{"languageCode":"lo","languageName":{"simpleText":"Lao"}},{"languageCode":"la","languageName":{"simpleText":"Latin"}},{"languageCode":"lv","languageName":{"simpleText":"Latvi"}},{"languageCode":"lt","languageName":{"simpleText":"Lituavi"}},{"languageCode":"lb","languageName":{"simpleText":"Luksemburg"}},{"languageCode":"mk","languageName":{"simpleText":"Makedonia"}},{"languageCode":"mg","languageName":{"simpleText":"Malagasi"}},{"languageCode":"ml","languageName":{"simpleText":"Malayalam"}},{"languageCode":"mt","languageName":{"simpleText":"Malta"}},{"languageCode":"mi","languageName":{"simpleText":"Maori"}},{"languageCode":"mr","languageName":{"simpleText":"Marathi"}},{"languageCode":"ms","languageName":{"simpleText":"Melayu"}},{"languageCode":"mn","languageName":{"simpleText":"Mongolia"}},{"languageCode":"ne","languageName":{"simpleText":"Nepali"}},{"languageCode":"no","languageName":{"simpleText":"Norwegia"}},{"languageCode":"ny","languageName":{"simpleText":"Nyanja"}},{"languageCode":"ps","languageName":{"simpleText":"Pashto"}},{"languageCode":"fa","languageName":{"simpleText":"Persia"}},{"languageCode":"pl","languageName":{"simpleText":"Polski"}},{"languageCode":"pt","languageName":{"simpleText":"Portugis"}},{"languageCode":"fr","languageName":{"simpleText":"Prancis"}},{"languageCode":"pa","languageName":{"simpleText":"Punjabi"}},{"languageCode":"ro","languageName":{"simpleText":"Rumania"}},{"languageCode":"ru","languageName":{"simpleText":"Rusia"}},{"languageCode":"sm","languageName":{"simpleText":"Samoa"}},{"languageCode":"sr","languageName":{"simpleText":"Serbia"}},{"languageCode":"sn","languageName":{"simpleText":"Shona"}},{"languageCode":"sd","languageName":{"simpleText":"Sindhi"}},{"languageCode":"si","languageName":{"simpleText":"Sinhala"}},{"languageCode":"sk","languageName":{"simpleText":"Slovak"}},{"languageCode":"sl","languageName":{"simpleText":"Sloven"}},{"languageCode":"so","languageName":{"simpleText":"Somalia"}},{"languageCode":"st","languageName":{"simpleText":"Sotho Selatan"}},{"languageCode":"es","languageName":{"simpleText":"Spanyol"}},{"languageCode":"su","languageName":{"simpleText":"Sunda"}},{"languageCode":"fi","languageName":{"simpleText":"Suomi"}},{"languageCode":"sw","languageName":{"simpleText":"Swahili"}},{"languageCode":"sv","languageName":{"simpleText":"Swedia"}},{"languageCode":"tg","languageName":{"simpleText":"Tajik"}},{"languageCode":"ta","languageName":{"simpleText":"Tamil"}},{"languageCode":"te","languageName":{"simpleText":"Telugu"}},{"languageCode":"th","languageName":{"simpleText":"Thai"}},{"languageCode":"zh-Hans","languageName":{"simpleText":"Tionghoa (Sederhana)"}},{"languageCode":"zh-Hant","languageName":{"simpleText":"Tionghoa (Tradisional)"}},{"languageCode":"tr","languageName":{"simpleText":"Turki"}},{"languageCode":"uk","languageName":{"simpleText":"Ukraina"}},{"languageCode":"ur","languageName":{"simpleText":"Urdu"}},{"languageCode":"uz","languageName":{"simpleText":"Uzbek"}},{"languageCode":"vi","languageName":{"simpleText":"Vietnam"}},{"languageCode":"cy","languageName":{"simpleText":"Welsh"}},{"languageCode":"xh","languageName":{"simpleText":"Xhosa"}},{"languageCode":"yi","languageName":{"simpleText":"Yiddish"}},{"languageCode":"yo","languageName":{"simpleText":"Yoruba"}},{"languageCode":"el","languageName":{"simpleText":"Yunani"}},{"languageCode":"zu","languageName":{"simpleText":"Zulu"}}],"defaultAudioTrackIndex":0}},"videoDetails":{"videoId":"NJk5O4stnBM","title":"SUPER Cute Alien | Best Multiplayer frags - November-January","lengthSeconds":"269","channelId":"UCiCiuUVpQ2vSYn1EmENGCmA","isOwnerViewing":false,"shortDescription":"Game Store: https://setentia-studios.itch.io/super-cute-alien\nTwitter: https://twitter.com/SUPERCuteAlien\nGame Page: http://www.supercutealien.com\nDev Log: http://forum.haxeflixel.com/topic/20/super-cute-alien-1-4-players-platformer-about-friendship-love-and-what-it-means-to-be-human/62","isCrawlable":true,"thumbnail":{"thumbnails":[{"url":"https://i.ytimg.com/vi/NJk5O4stnBM/hqdefault.jpg?sqp=-oaymwEiCKgBEF5IWvKriqkDFQgBFQAAAAAYASUAAMhCPQCAokN4AQ==\u0026rs=AOn4CLDUKCsm3gH0r2-Bb_kZj939DTOp3w","width":168,"height":94},{"url":"https://i.ytimg.com/vi/NJk5O4stnBM/hqdefault.jpg?sqp=-oaymwEiCMQBEG5IWvKriqkDFQgBFQAAAAAYASUAAMhCPQCAokN4AQ==\u0026rs=AOn4CLCo2tV1F_MSkiipzQONhakf4zQDOQ","width":196,"height":110},{"url":"https://i.ytimg.com/vi/NJk5O4stnBM/hqdefault.jpg?sqp=-oaymwEjCPYBEIoBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=\u0026rs=AOn4CLAQ2PcXDr6jUkHXPbrwNmvFD9QOTg","width":246,"height":138},{"url":"https://i.ytimg.com/vi/NJk5O4stnBM/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=\u0026rs=AOn4CLAH_uma3LdMbqs9I-vKq2Do4sgdYw","width":336,"height":188}]},"averageRating":5.0,"allowRatings":true,"viewCount":"73","author":"SETENTIA studios","isPrivate":false,"isUnpluggedCorpus":false,"isLiveContent":false},"annotations":[{"playerAnnotationsUrlsRenderer":{"invideoUrl":"https://www.youtube.com/annotations_invideo?cap_hist=1\u0026video_id=NJk5O4stnBM\u0026client=1","loadPolicy":"ALWAYS","allowInPlaceSwitch":true}}],"playerConfig":{"audioConfig":{"loudnessDb":-4.6590004,"perceptualLoudnessDb":-25.659},"streamSelectionConfig":{"maxBitrate":"1930000"}},"storyboards":{"playerStoryboardSpecRenderer":{"spec":"https://i9.ytimg.com/sb/NJk5O4stnBM/storyboard3_L$L/$N.jpg?sqp=ovOX_wMGCOLenuIF|48#27#100#10#10#0#default#rs$AOn4CLCQKUwvtyoP5ttiLsCEYWXAzEKTNg|80#45#136#10#10#2000#M$M#rs$AOn4CLCIHWApAbixccU0nnchcCn2uywmKA|160#90#136#5#5#2000#M$M#rs$AOn4CLDv72HLJtUyMrDISjro1NBJNHRfqA"}},"attestation":{"playerAttestationRenderer":{"challenge":"a=3\u0026b=UAvKCutA-MaG6Mr_fAyPAw00vuM\u0026c=1552530263\u0026d=1\u0026e=NJk5O4stnBM\u0026c3a=19\u0026c1a=1\u0026c6a=1\u0026hh=jxOgCL3o0psAGdvyuxkV2jly2xvfzYOSlKQicdLUZto"}},"adSafetyReason":{"isEmbed":true}}&external_play_video=1&timestamp=1552530263&ismb=1930000&video_id=NJk5O4stnBM&player_error_log_fraction=1.0&cver=1.20190313&enablecsi=1&status=ok&apiary_host=&hl=id_ID&xhr_apiary_host=youtubei.youtube.com&gapi_hint_params=m;/_/scs/abc-static/_/js/k=gapi.gapi.en.1YQiBIu1zGM.O/rt=j/d=1/rs=AHpOoo8jmooDqnwUNQ5CPVlex635ObQRZg/m=__features__&idpj=-1&itct=CAEQu2kiEwiNxd_2yYDhAhUk0nMBHePfCgso6NQB&no_get_video_log=1&adaptive_fmts=url=https%3A%2F%2Fr2---sn-2uuxa3vh-n0c6.googlevideo.com%2Fvideoplayback%3Fexpire%3D1552551863%26pcm2%3Dno%26fvip%3D2%26pcm2cms%3Dyes%26pl%3D22%26keepalive%3Dyes%26requiressl%3Dyes%26ipbits%3D0%26mime%3Dvideo%252Fmp4%26key%3Dyt6%26itag%3D137%26otf%3D1%26aitags%3D133%252C134%252C135%252C136%252C137%252C160%252C298%252C299%26otfp%3D1%26lmt%3D1548201954930546%26signature%3D0A37EBA0C90FCF7BEAA64FDB5C8EEC9C2884EC83.7A851BDC2DFCEFBAEA2D975F6D16FCFC10321973%26c%3DWEB%26mm%3D31%252C29%26source%3Dyt_otf%26mn%3Dsn-2uuxa3vh-n0c6%252Csn-npoe7nek%26mt%3D1552530118%26mv%3Dm%26ms%3Dau%252Crdu%26dur%3D0.000%26ei%3DV7uJXM29DqSkz7sP47-rWA%26ip%3D110.138.99.49%26initcwndbps%3D241250%26id%3Do-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP%26sparams%3Daitags%252Cdur%252Cei%252Cid%252Cinitcwndbps%252Cip%252Cipbits%252Citag%252Ckeepalive%252Clmt%252Cmime%252Cmm%252Cmn%252Cms%252Cmv%252Cotf%252Cotfp%252Cpcm2%252Cpcm2cms%252Cpl%252Crequiressl%252Csource%252Cexpire&type=video%2Fmp4%3B+codecs%3D%22avc1.64001e%22&index=0-0&lmt=1548201954930546&projection_type=1&xtags=&size=1920x1080&clen=0&itag=137&bitrate=4331250&quality_label=1080p&init=0-0&fps=30&stream_type=3,url=https%3A%2F%2Fr2---sn-2uuxa3vh-n0c6.googlevideo.com%2Fvideoplayback%3Fexpire%3D1552551863%26gir%3Dyes%26pcm2%3Dno%26fvip%3D2%26pcm2cms%3Dyes%26pl%3D22%26keepalive%3Dyes%26requiressl%3Dyes%26txp%3D2211222%26ipbits%3D0%26mime%3Dvideo%252Fmp4%26key%3Dyt6%26itag%3D299%26aitags%3D133%252C134%252C135%252C136%252C137%252C160%252C298%252C299%26clen%3D169340157%26otfp%3D1%26lmt%3D1548201954930546%26signature%3D3AD72026F89B78A67E5CE51E65B112D5AAD03C04.359427DB7D9062613DAA648EB9F2298EAA6D2955%26c%3DWEB%26mm%3D31%252C29%26source%3Dyoutube%26mn%3Dsn-2uuxa3vh-n0c6%252Csn-npoe7nek%26mt%3D1552530118%26mv%3Dm%26ms%3Dau%252Crdu%26dur%3D269.118%26ei%3DV7uJXM29DqSkz7sP47-rWA%26ip%3D110.138.99.49%26initcwndbps%3D241250%26id%3Do-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP%26sparams%3Daitags%252Cclen%252Cdur%252Cei%252Cgir%252Cid%252Cinitcwndbps%252Cip%252Cipbits%252Citag%252Ckeepalive%252Clmt%252Cmime%252Cmm%252Cmn%252Cms%252Cmv%252Cotfp%252Cpcm2%252Cpcm2cms%252Cpl%252Crequiressl%252Csource%252Cexpire&type=video%2Fmp4%3B+codecs%3D%22avc1.64002a%22&index=765-1432&lmt=1548201954930546&projection_type=1&xtags=&size=1920x1080&clen=169340157&itag=299&bitrate=6817222&quality_label=1080p60&init=0-764&fps=60,url=https%3A%2F%2Fr2---sn-2uuxa3vh-n0c6.googlevideo.com%2Fvideoplayback%3Fexpire%3D1552551863%26pcm2%3Dno%26fvip%3D2%26pcm2cms%3Dyes%26pl%3D22%26keepalive%3Dyes%26requiressl%3Dyes%26ipbits%3D0%26mime%3Dvideo%252Fmp4%26key%3Dyt6%26itag%3D136%26otf%3D1%26aitags%3D133%252C134%252C135%252C136%252C137%252C160%252C298%252C299%26otfp%3D1%26lmt%3D1548201954930546%26signature%3D199537C0F8C1F2905B5188C5CD57FFBF2328F409.C69BEA1168EEF458284A4D011C2FFB4ADF659EC1%26c%3DWEB%26mm%3D31%252C29%26source%3Dyt_otf%26mn%3Dsn-2uuxa3vh-n0c6%252Csn-npoe7nek%26mt%3D1552530118%26mv%3Dm%26ms%3Dau%252Crdu%26dur%3D0.000%26ei%3DV7uJXM29DqSkz7sP47-rWA%26ip%3D110.138.99.49%26initcwndbps%3D241250%26id%3Do-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP%26sparams%3Daitags%252Cdur%252Cei%252Cid%252Cinitcwndbps%252Cip%252Cipbits%252Citag%252Ckeepalive%252Clmt%252Cmime%252Cmm%252Cmn%252Cms%252Cmv%252Cotf%252Cotfp%252Cpcm2%252Cpcm2cms%252Cpl%252Crequiressl%252Csource%252Cexpire&type=video%2Fmp4%3B+codecs%3D%22avc1.4d4016%22&index=0-0&lmt=1548201954930546&projection_type=1&xtags=&size=1280x720&clen=0&itag=136&bitrate=2310000&quality_label=720p&init=0-0&fps=30&stream_type=3,url=https%3A%2F%2Fr2---sn-2uuxa3vh-n0c6.googlevideo.com%2Fvideoplayback%3Fexpire%3D1552551863%26pcm2%3Dno%26fvip%3D2%26pcm2cms%3Dyes%26pl%3D22%26keepalive%3Dyes%26requiressl%3Dyes%26ipbits%3D0%26mime%3Dvideo%252Fmp4%26key%3Dyt6%26itag%3D298%26otf%3D1%26aitags%3D133%252C134%252C135%252C136%252C137%252C160%252C298%252C299%26otfp%3D1%26lmt%3D1548201954930546%26signature%3D34F029B87CD08A13A81D80E9AA071913C685136A.9514268C14309A0AF5DED74A38FAD22EF636AF7D%26c%3DWEB%26mm%3D31%252C29%26source%3Dyt_otf%26mn%3Dsn-2uuxa3vh-n0c6%252Csn-npoe7nek%26mt%3D1552530118%26mv%3Dm%26ms%3Dau%252Crdu%26dur%3D0.000%26ei%3DV7uJXM29DqSkz7sP47-rWA%26ip%3D110.138.99.49%26initcwndbps%3D241250%26id%3Do-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP%26sparams%3Daitags%252Cdur%252Cei%252Cid%252Cinitcwndbps%252Cip%252Cipbits%252Citag%252Ckeepalive%252Clmt%252Cmime%252Cmm%252Cmn%252Cms%252Cmv%252Cotf%252Cotfp%252Cpcm2%252Cpcm2cms%252Cpl%252Crequiressl%252Csource%252Cexpire&type=video%2Fmp4%3B+codecs%3D%22avc1.4d4016%22&index=0-0&lmt=1548201954930546&projection_type=1&xtags=&size=1280x720&clen=0&itag=298&bitrate=3465000&quality_label=720p60&init=0-0&fps=60&stream_type=3,url=https%3A%2F%2Fr2---sn-2uuxa3vh-n0c6.googlevideo.com%2Fvideoplayback%3Fexpire%3D1552551863%26pcm2%3Dno%26fvip%3D2%26pcm2cms%3Dyes%26pl%3D22%26keepalive%3Dyes%26requiressl%3Dyes%26ipbits%3D0%26mime%3Dvideo%252Fmp4%26key%3Dyt6%26itag%3D135%26otf%3D1%26aitags%3D133%252C134%252C135%252C136%252C137%252C160%252C298%252C299%26otfp%3D1%26lmt%3D1548201954930546%26signature%3D0634C6FE3F30DCEBB4A35A2B19527199FA4B66DA.C6E5090137B0BB9896EBFF72585A6DDD683BC4F1%26c%3DWEB%26mm%3D31%252C29%26source%3Dyt_otf%26mn%3Dsn-2uuxa3vh-n0c6%252Csn-npoe7nek%26mt%3D1552530118%26mv%3Dm%26ms%3Dau%252Crdu%26dur%3D0.000%26ei%3DV7uJXM29DqSkz7sP47-rWA%26ip%3D110.138.99.49%26initcwndbps%3D241250%26id%3Do-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP%26sparams%3Daitags%252Cdur%252Cei%252Cid%252Cinitcwndbps%252Cip%252Cipbits%252Citag%252Ckeepalive%252Clmt%252Cmime%252Cmm%252Cmn%252Cms%252Cmv%252Cotf%252Cotfp%252Cpcm2%252Cpcm2cms%252Cpl%252Crequiressl%252Csource%252Cexpire&type=video%2Fmp4%3B+codecs%3D%22avc1.4d4014%22&index=0-0&lmt=1548201954930546&projection_type=1&xtags=&size=854x480&clen=0&itag=135&bitrate=1155000&quality_label=480p&init=0-0&fps=30&stream_type=3,url=https%3A%2F%2Fr2---sn-2uuxa3vh-n0c6.googlevideo.com%2Fvideoplayback%3Fexpire%3D1552551863%26gir%3Dyes%26pcm2%3Dno%26fvip%3D2%26pcm2cms%3Dyes%26pl%3D22%26keepalive%3Dyes%26requiressl%3Dyes%26txp%3D2211222%26ipbits%3D0%26mime%3Dvideo%252Fmp4%26key%3Dyt6%26itag%3D134%26aitags%3D133%252C134%252C135%252C136%252C137%252C160%252C298%252C299%26clen%3D19846335%26otfp%3D1%26lmt%3D1548201954638031%26signature%3D47687AD6BED593DBC8841F525D649822E5CD50E0.65D559FC06C7A4D6472377A2F8C68D1F81876737%26c%3DWEB%26mm%3D31%252C29%26source%3Dyoutube%26mn%3Dsn-2uuxa3vh-n0c6%252Csn-npoe7nek%26mt%3D1552530118%26mv%3Dm%26ms%3Dau%252Crdu%26dur%3D269.102%26ei%3DV7uJXM29DqSkz7sP47-rWA%26ip%3D110.138.99.49%26initcwndbps%3D241250%26id%3Do-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP%26sparams%3Daitags%252Cclen%252Cdur%252Cei%252Cgir%252Cid%252Cinitcwndbps%252Cip%252Cipbits%252Citag%252Ckeepalive%252Clmt%252Cmime%252Cmm%252Cmn%252Cms%252Cmv%252Cotfp%252Cpcm2%252Cpcm2cms%252Cpl%252Crequiressl%252Csource%252Cexpire&type=video%2Fmp4%3B+codecs%3D%22avc1.4d401e%22&index=764-1431&lmt=1548201954638031&projection_type=1&xtags=&size=640x360&clen=19846335&itag=134&bitrate=697411&quality_label=360p&init=0-763&fps=30,url=https%3A%2F%2Fr2---sn-2uuxa3vh-n0c6.googlevideo.com%2Fvideoplayback%3Fexpire%3D1552551863%26pcm2%3Dno%26fvip%3D2%26pcm2cms%3Dyes%26pl%3D22%26keepalive%3Dyes%26requiressl%3Dyes%26ipbits%3D0%26mime%3Dvideo%252Fmp4%26key%3Dyt6%26itag%3D133%26otf%3D1%26aitags%3D133%252C134%252C135%252C136%252C137%252C160%252C298%252C299%26otfp%3D1%26lmt%3D1548201954930546%26signature%3D3B274F545DC8E6A11A2E4260329B0A906355E0B6.850976BFFB647FA83CED061E2B518AE2EA39E72D%26c%3DWEB%26mm%3D31%252C29%26source%3Dyt_otf%26mn%3Dsn-2uuxa3vh-n0c6%252Csn-npoe7nek%26mt%3D1552530118%26mv%3Dm%26ms%3Dau%252Crdu%26dur%3D0.000%26ei%3DV7uJXM29DqSkz7sP47-rWA%26ip%3D110.138.99.49%26initcwndbps%3D241250%26id%3Do-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP%26sparams%3Daitags%252Cdur%252Cei%252Cid%252Cinitcwndbps%252Cip%252Cipbits%252Citag%252Ckeepalive%252Clmt%252Cmime%252Cmm%252Cmn%252Cms%252Cmv%252Cotf%252Cotfp%252Cpcm2%252Cpcm2cms%252Cpl%252Crequiressl%252Csource%252Cexpire&type=video%2Fmp4%3B+codecs%3D%22avc1.4d400c%22&index=0-0&lmt=1548201954930546&projection_type=1&xtags=&size=426x240&clen=0&itag=133&bitrate=242000&quality_label=240p&init=0-0&fps=30&stream_type=3,url=https%3A%2F%2Fr2---sn-2uuxa3vh-n0c6.googlevideo.com%2Fvideoplayback%3Fexpire%3D1552551863%26pcm2%3Dno%26fvip%3D2%26pcm2cms%3Dyes%26pl%3D22%26keepalive%3Dyes%26requiressl%3Dyes%26ipbits%3D0%26mime%3Dvideo%252Fmp4%26key%3Dyt6%26itag%3D160%26otf%3D1%26aitags%3D133%252C134%252C135%252C136%252C137%252C160%252C298%252C299%26otfp%3D1%26lmt%3D1548201954930546%26signature%3D680E5E5EAF5A4579F38973AE4A094E3E838948D8.5EC3C4B089BD14551B57166556DC29CB1440AA50%26c%3DWEB%26mm%3D31%252C29%26source%3Dyt_otf%26mn%3Dsn-2uuxa3vh-n0c6%252Csn-npoe7nek%26mt%3D1552530118%26mv%3Dm%26ms%3Dau%252Crdu%26dur%3D0.000%26ei%3DV7uJXM29DqSkz7sP47-rWA%26ip%3D110.138.99.49%26initcwndbps%3D241250%26id%3Do-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP%26sparams%3Daitags%252Cdur%252Cei%252Cid%252Cinitcwndbps%252Cip%252Cipbits%252Citag%252Ckeepalive%252Clmt%252Cmime%252Cmm%252Cmn%252Cms%252Cmv%252Cotf%252Cotfp%252Cpcm2%252Cpcm2cms%252Cpl%252Crequiressl%252Csource%252Cexpire&type=video%2Fmp4%3B+codecs%3D%22avc1.4d400b%22&index=0-0&lmt=1548201954930546&projection_type=1&xtags=&size=256x144&clen=0&itag=160&bitrate=108000&quality_label=144p&init=0-0&fps=30&stream_type=3,url=https%3A%2F%2Fr2---sn-2uuxa3vh-n0c6.googlevideo.com%2Fvideoplayback%3Fexpire%3D1552551863%26gir%3Dyes%26pcm2%3Dno%26fvip%3D2%26pcm2cms%3Dyes%26pl%3D22%26keepalive%3Dyes%26requiressl%3Dyes%26txp%3D2211222%26ipbits%3D0%26mime%3Daudio%252Fmp4%26key%3Dyt6%26itag%3D140%26clen%3D4357082%26otfp%3D1%26lmt%3D1548202030599856%26signature%3D9C9071BF54FD1F2B27F45C3B216E85EEF906201C.9395DD2F8DCB49568D70668FAB5C082023C561E1%26c%3DWEB%26mm%3D31%252C29%26source%3Dyoutube%26mn%3Dsn-2uuxa3vh-n0c6%252Csn-npoe7nek%26mt%3D1552530118%26mv%3Dm%26ms%3Dau%252Crdu%26dur%3D269.165%26ei%3DV7uJXM29DqSkz7sP47-rWA%26ip%3D110.138.99.49%26initcwndbps%3D241250%26id%3Do-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP%26sparams%3Dclen%252Cdur%252Cei%252Cgir%252Cid%252Cinitcwndbps%252Cip%252Cipbits%252Citag%252Ckeepalive%252Clmt%252Cmime%252Cmm%252Cmn%252Cms%252Cmv%252Cotfp%252Cpcm2%252Cpcm2cms%252Cpl%252Crequiressl%252Csource%252Cexpire&type=audio%2Fmp4%3B+codecs%3D%22mp4a.40.2%22&index=656-1011&lmt=1548202030599856&projection_type=1&xtags=&clen=4357082&itag=140&bitrate=130623&audio_sample_rate=44100&init=0-655&thumbnail_url=https://i.ytimg.com/vi/NJk5O4stnBM/default.jpg&watermark=,https://s.ytimg.com/yts/img/watermark/youtube_watermark-vflHX6b6E.png,https://s.ytimg.com/yts/img/watermark/youtube_hd_watermark-vflAzLcD6.png&enabled_engage_types=3,6,4,5,17,1&length_seconds=269&c=WEB&vss_host=s.youtube.com&tmi=1&author=SETENTIA studios&root_ve_type=27240&apiary_host_firstparty=&url_encoded_fmt_stream_map=url=https%3A%2F%2Fr2---sn-2uuxa3vh-n0c6.googlevideo.com%2Fvideoplayback%3Fexpire%3D1552551863%26pcm2%3Dno%26fvip%3D2%26pcm2cms%3Dyes%26pl%3D22%26requiressl%3Dyes%26txp%3D2211222%26ipbits%3D0%26mime%3Dvideo%252Fmp4%26key%3Dyt6%26itag%3D22%26lmt%3D1548202203505602%26signature%3D19507461BC62E39F1462B46B34DEDB0175BBBAAE.91A2E432C45122C21E9E61F8A791AD4A936406D6%26ratebypass%3Dyes%26c%3DWEB%26mm%3D31%252C29%26source%3Dyoutube%26mn%3Dsn-2uuxa3vh-n0c6%252Csn-npoe7nek%26mt%3D1552530118%26mv%3Dm%26ms%3Dau%252Crdu%26dur%3D269.165%26ei%3DV7uJXM29DqSkz7sP47-rWA%26ip%3D110.138.99.49%26initcwndbps%3D241250%26id%3Do-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP%26sparams%3Ddur%252Cei%252Cid%252Cinitcwndbps%252Cip%252Cipbits%252Citag%252Clmt%252Cmime%252Cmm%252Cmn%252Cms%252Cmv%252Cpcm2%252Cpcm2cms%252Cpl%252Cratebypass%252Crequiressl%252Csource%252Cexpire&quality=hd720&type=video%2Fmp4%3B+codecs%3D%22avc1.64001F%2C+mp4a.40.2%22&itag=22,url=https%3A%2F%2Fr2---sn-2uuxa3vh-n0c6.googlevideo.com%2Fvideoplayback%3Fexpire%3D1552551863%26gir%3Dyes%26pcm2%3Dno%26fvip%3D2%26pcm2cms%3Dyes%26pl%3D22%26requiressl%3Dyes%26txp%3D2201222%26ipbits%3D0%26mime%3Dvideo%252Fwebm%26key%3Dyt6%26itag%3D43%26clen%3D26833856%26lmt%3D1548208157576812%26signature%3DE3B9E7D6F7B548DD075F3E2A8118627EF926A0BB.7EC5EC64F6B89DA9662CA7146D64AF548F21184C%26ratebypass%3Dyes%26c%3DWEB%26mm%3D31%252C29%26source%3Dyoutube%26mn%3Dsn-2uuxa3vh-n0c6%252Csn-npoe7nek%26mt%3D1552530118%26mv%3Dm%26ms%3Dau%252Crdu%26dur%3D0.000%26ei%3DV7uJXM29DqSkz7sP47-rWA%26ip%3D110.138.99.49%26initcwndbps%3D241250%26id%3Do-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP%26sparams%3Dclen%252Cdur%252Cei%252Cgir%252Cid%252Cinitcwndbps%252Cip%252Cipbits%252Citag%252Clmt%252Cmime%252Cmm%252Cmn%252Cms%252Cmv%252Cpcm2%252Cpcm2cms%252Cpl%252Cratebypass%252Crequiressl%252Csource%252Cexpire&quality=medium&type=video%2Fwebm%3B+codecs%3D%22vp8.0%2C+vorbis%22&itag=43,url=https%3A%2F%2Fr2---sn-2uuxa3vh-n0c6.googlevideo.com%2Fvideoplayback%3Fexpire%3D1552551863%26gir%3Dyes%26pcm2%3Dno%26fvip%3D2%26pcm2cms%3Dyes%26pl%3D22%26requiressl%3Dyes%26txp%3D2211222%26ipbits%3D0%26mime%3Dvideo%252Fmp4%26key%3Dyt6%26itag%3D18%26clen%3D23669770%26lmt%3D1548201842003789%26signature%3DC8639481E1A87CA6DD43AA279CBE0D8F1496A102.62C9C5D4A20348127716031F24689AF465CD6922%26ratebypass%3Dyes%26c%3DWEB%26mm%3D31%252C29%26source%3Dyoutube%26mn%3Dsn-2uuxa3vh-n0c6%252Csn-npoe7nek%26mt%3D1552530118%26mv%3Dm%26ms%3Dau%252Crdu%26dur%3D269.165%26ei%3DV7uJXM29DqSkz7sP47-rWA%26ip%3D110.138.99.49%26initcwndbps%3D241250%26id%3Do-AB3c8zlvnkaY8ZzYmDdp4UWJlzZ62RMbwhrZfv9yVlTP%26sparams%3Dclen%252Cdur%252Cei%252Cgir%252Cid%252Cinitcwndbps%252Cip%252Cipbits%252Citag%252Clmt%252Cmime%252Cmm%252Cmn%252Cms%252Cmv%252Cpcm2%252Cpcm2cms%252Cpl%252Cratebypass%252Crequiressl%252Csource%252Cexpire&quality=medium&type=video%2Fmp4%3B+codecs%3D%22avc1.42001E%2C+mp4a.40.2%22&itag=18&relative_loudness=-4.65900039673&cr=ID&fflags=html5_stale_dash_manifest_retry_factor=1.0&html5_decode_to_texture_cap=true&html5_ad_no_buffer_abort_after_skippable=true&html5_desktop_vr180_allow_panning=true&html5_ignore_public_setPlaybackQuality=true&html5_max_live_dvr_window_plus_margin_secs=46800.0&turn_down_serialized_player_request_for_bulleit_living_room=true&html5_delay_initial_loading=true&set_default_wta_if_missing_for_externs=true&disable_client_side_midroll_freq_capping_nonpc=true&html5_min_readbehind_secs=0&enable_endcap_on_mweb=true&use_new_skip_icon=true&html5_request_size_min_secs=0.0&html5_manifestless_synchronized=true&lasr_captions_holdback_counterfactual_id=0&web_player_response_ypc_parsing=true&midroll_notify_time_seconds=5&bulleit_get_midroll_info_timeout_ms=8000&enable_embed_autoplay_delay=true&kevlar_allow_multistep_video_init=true&html5_log_rebuffer_events=0&desktop_shopping_companion_wta_support=true&html5_no_shadow_env_data_redux=true&html5_vss_live_mode_killswitch=true&enable_html5_conversion_ve_reporting=true&fix_gpt_pos_params=true&mweb_bulleit_show_ad_top_bar_for_phones=true&attach_child_on_gel_web=true&website_actions_throttle_percentage=1.0&html5_background_quality_cap=360&mweb_muted_autoplay_animation=shrink&html5_ultra_low_latency_streaming_responses=true&legacy_autoplay_flag=true&html5_widevine_hw_secure_all=true&interaction_click_on_gel_web=true&preskip_button_style_ads_backend=countdown_next_to_thumbnail&html5_hls_min_video_height=0&web_player_api_logging_fraction=0.01&bulleit_publish_external_playback_events=true&html5_ad_stats_bearer=true&bulleit_round_up_tsla=true&enable_survey_ad_info_dialog=true&html5_disable_subscribe_new_vis=true&html5_subsegment_readahead_min_buffer_health_secs_on_timeout=0.1&html5_live_normal_latency_bandwidth_window=0.0&mweb_enable_instream_ui_refresh=true&html5_new_queueing=true&html5_probe_media_capabilities=true&html5_live_pin_to_tail=true&html5_store_xhr_headers_readable=true&live_chunk_readahead=3&html5_max_headm_for_streaming_xhr=0&html5_stop_video_in_cancel_playback=true&html5_reason_reporting_migration=true&process_extensions_in_vast_wrappers_for_survey_ads=true&html5_manifestless_always_redux=true&html5_jumbo_ull_subsegment_readahead_target=1.3&playready_first_play_expiration=-1&html5_max_readahead_bandwidth_cap=0&sdk_ad_prefetch_time_seconds=-1&html5_probe_secondary_during_timeout_miss_count=2&html5_incremental_parser_buffer_extra_bytes=16384&html5_tight_max_buffer_allowed_impaired_time=0.0&android_attestation_flow=yt_player&html5_serverside_biscotti_id_wait_ms=1000&autoplay_time=8000&html5_default_ad_gain=0.5&html5_tight_max_buffer_allowed_bandwidth_stddevs=0.0&bulleit_disable_preroll_release_on_dispose=true&html5_fallbacks_delay_primary_probes=true&set_interstitial_advertisers_question_text=true&html5_live_low_latency_bandwidth_window=0.0&android_early_fetch_for_autoplay=true&html5_live_abr_repredict_fraction=0.0&html5_adjust_effective_request_size=true&html5_quality_cap_min_age_secs=0&bulleit_mimic_ima_player_api_calls=true&desktop_action_companion_wta_support=true&use_fast_fade_in_0s=true&html5_tv_bearer=true&allow_live_autoplay=true&web_player_assume_format3_available=true&html5_jumbo_ull_nonstreaming_mffa_ms=4000&ima_video_ad_with_overlay_class_logging_percentage=0.01&set_interstitial_start_button=true&desktop_player_button_tooltip_with_shortcut=true&html5_streaming_xhr_buffer_mdat=true&use_full_timing_library=true&html5_subsegment_readahead_require_whitelist=true&ad_pod_disable_companion_persist_ads_quality=true&ad_video_end_renderer_duration_milliseconds=7000&html5_hfr_quality_cap=0&bulleit_send_engage_ping_on_companion_click=true&enable_live_premiere_web_player_indicator=true&html5_min_upgrade_health=0&html5_serverside_call_server_on_biscotti_error=true&html5_jumbo_mobile_subsegment_readahead_target=3.0&html5_creativeless_vast_on_ima=true&interaction_screen_on_gel_web=true&html5_allowable_liveness_drift_chunks=2&external_fullscreen_with_edu=true&html5_subsegment_readahead_min_buffer_health_secs=0.25&desktop_cleanup_companion_on_instream_begin=true&html5_playback_data_migration=true&ad_duration_threshold_for_showing_endcap_seconds=15&html5_playbackmanager_enable_notify_new_drm_info=true&enable_afv_div_reset_in_kevlar=true&mpu_visible_threshold_count=2&use_new_style=true&bulleit_block_player_pause_until_ad_start=true&html5_bandwidth_window_size=0&youtubei_for_web=true&dynamic_ad_break_seek_threshold_sec=0&show_thumbnail_behind_ypc_offer_module=true&deprecate_vss_dallas_cache=true&embed_api_deprecation=true&html5_ignore_bad_bitrates=true&delay_bulleit_media_load_timer=true&mweb_playsinline=true&ad_to_video_use_gel=true&html5_pipeline_manifestless=true&html5_vis_upgrades_are_resizes=true&low_engagement_player_quality_cap=360&html5_autonav_quality_cap=0&bulleit_update_tsla_cookie=true&html5_firefox_ambisonic_opus=true&html5_expire_preloaded_players=true&enable_ad_pod_specific_ui=true&html5_request_size_max_secs=31&html5_pipeline_ultra_low_latency=true&html5_parse_inline_fallback_host=true&disable_client_side_midroll_freq_capping=true&web_logging_max_batch=100&html5_qoe_bearer=true&html5_enable_embedded_player_visibility_signals=true&bulleit_use_video_ad_div_as_overlay_container=true&stop_using_ima_sdk_gpt_request_activity=true&html5_suspend_loader=true&html5_hls_pair_distinct_audio=true&skip_ad_button_with_thumbnail=true&html5_manifestless_shrink_timestamps=true&forced_brand_precap_duration_ms=2000&html5_variability_full_discount_thresh=3.0&html5_default_quality_cap=0&html5_manifestless_no_redundant_seek_to_head=true&web_player_attestation_auth_headers=true&html5_probe_live_using_range=true&html5_disable_extra_update_resource=true&html5_player_autonav_logging=true&enable_instream_companion_on_mweb=true&html5_suspend_manifest_on_pause=true&playready_on_borg=true&use_touch_events_for_bulleit_mweb=true&tvhtml5_disable_live_prefetch=true&enable_overlay_hide_timer_fix=true&bulleit_web_dim_skip_using_css=true&html5_background_cap_idle_secs=60&html5_enable_widevine_key_rotation=true&html5_min_has_advanced=true&unplugged_tvhtml5_botguard_attestation=true&use_forced_linebreak_preskip_text=true&html5_no_audio_append_cap=true&delay_ads_gvi_call_on_bulleit_living_room_ms=0&bulleit_remove_client_side_midroll_reactivation=true&enable_website_actions_on_mweb=true&html5_fludd_suspend=true&html5_progressive_fallback=true&enable_prefetch_for_postrolls=true&html5_pause_video_fix=true&fixed_padding_skip_button=true&persist_text_on_preview_button=true&html5_disable_audio_slicing=true&html5_platform_minimum_readahead_seconds=0.0&html5_get_video_info_timeout_ms=30000&html5_av1_thresh_lcc=360&html5_get_video_info_promiseajax=true&html5_video_tbd_min_kb=0&web_player_music_visualizer_treatment=fake&enable_static_font_size_on_text_only_preview=true&html5_min_buffer_to_resume=6&mweb_autonav=true&desktop_image_companion_wta_support=true&flex_theater_mode=true&html5_post_interrupt_readahead=20&embed_new_info_bar=true&html5_waiting_before_ended=true&send_html5_api_stats_ads_abandon=true&fix_bulleit_cue_range_seek=true&mweb_add_ad_info_button_on_fullscreen_only_devices=true&html5_streaming_xhr_optimize_lengthless_mp4=true&html5_license_constraint_delay=5000&bulleit_check_overlay_container_before_show=true&king_crimson_player_redux=true&web_player_response_overlay_parsing=false&vmap_enabled_living_room=true&mweb_playsinline_webview=true&enable_live_premieres_vss_live_type_lp=true&html5_optimality_migration=true&desktop_videowall_companion_wta_support=true&preskip_countdown_font_size=&web_player_response_fairplay_config_killswitch=true&bulleit_register_cue_range_events_before_ad_init=true&enable_text_ad_overlay_link_fix=true&postroll_notify_time_seconds=5&enable_bulleit_mweb_gaming_ui=true&html5_new_seeking=true&player_destroy_old_version=true&defer_playability_status_fillers=true&enable_bulleit_for_mweb=true&html5_request_size_padding_secs=3.0&html5_av1_thresh=480&add_border_to_bulleit_mweb_skip=true&sdk_wrapper_levels_allowed=0&html5_readahead_ratelimit=3000&enable_mute_ad_endpoint_resolution_on_bulleit=true&html5_ignore_updates_before_initial_ping=true&html5_vp9_live_whitelist=true&bulleit_use_cue_video_to_reset_on_stop_ad=true&html5_prefer_server_bwe3=true&uniplayer_dbp=true&html5_disable_non_contiguous=true&call_release_video_in_bulleit=true&html5_use_adaptive_live_readahead=true&html5_restrict_streaming_xhr_on_sqless_requests=true&use_always_dimmed_skip_in_bulleit_web=true&bulleit_use_touch_events_for_skip=true&show_interstitial_white=true&disable_new_pause_state3=true&html5_use_hasAdvanced_for_pbs=true&html5_preload_media=true&html5_max_av_sync_drift=50&html5_subsegment_readahead_timeout_secs=2.0&html5_dynamic_readahead_growth_rate=0.0&html5_use_streaming_xhr_abort_support=true&use_local_interactions_library=true&mweb_cougar_big_controls=true&www_for_videostats=true&html5_incremental_parser_buffer_duration_secs=1.5&mweb_cougar=true&show_thumbnail_on_standard=true&doubleclick_gpt_retagging=true&html5_aspect_from_adaptive_format=true&html5_minimum_readahead_seconds=0.0&disable_survey_interstitial_for_non_bl_surveys_desktop=true&hide_preskip=true&html5_sticky_reduces_discount_by=0.0&unplugged_tvhtml5_video_preload_on_focus_delay_ms=0&html5_inline_video_quality_survey=true&html5_manifestless_interpolate=true&html5_live_no_streaming_impedance_mismatch=true&dash_manifest_version=5&html5_disable_preserve_reference=true&use_survey_skip_in_0s=true&enable_brand_companion_on_mweb=true&html5_connect_timeout_secs=7.0&html5_gapless=true&html5_remove_pause=false&html5_incremental_parser_coalesce_slice_buffers=true&html5_shrink_live_timestamps=true&disable_organic_cta_on_ad_playback=true&show_countdown_on_bumper=true&html5_av1_thresh_hcc=0&max_resolution_for_white_noise=360&enable_overlays_wta=true&mweb_undim_skip_button_on_ad_pause=true&bulleit_use_http_get_by_default_for_get_midroll_info=true&variable_buffer_timeout_living_room_ms=0&html5_subsegment_readahead_target_buffer_health_secs=0.5&desktop_companion_wta_support=true&html5_max_buffer_duration=120&bulleit_extract_delayed_mpu_on_all_placement_init=true&enable_simple_preview_for_postrolls_html5=true&live_fresca_v2=true&bulleit_terminate_ad_when_ending_with_commands=true&web_gel_debounce_ms=10000&html5_serverside_call_server_on_biscotti_timeout=true&enable_bulleit=true&html5_new_vis_fullscreen_and_airplay=true&lightweight_watch_video_swf=true&show_interstitial_for_3s=true&html5_manifestless_captions=true&provide_default_wta_reasons=true&web_player_kaios_autoplay=true&html5_media_fullscreen=true&html5_live_4k_more_buffer=true&html5_disable_move_pssh_to_moov=true&html5_manifestless_request_prediction=true&web_player_sentinel_is_uniplayer=true&html5_adaptation_fix=true&visibility_error_html_dump_sample_rate=0.01&defer_player_config_and_threed_deciders=true&use_refreshed_overlay_buttons=true&html5_dont_predict_end_time_in_past=true&html5_manifestless_accurate_sliceinfo=true&live_readahead_seconds_multiplier=0.8&html5_live_ultra_low_latency_bandwidth_window=0.0&enable_bulleit_for_web_gaming=true&skip_restore_on_abandon_in_bulleit=true&html5_exile_broken_instances=true&html5_request_sizing_multiplier=0.8&html5_deadzone_multiplier=1.0&variable_buffer_timeout_ms=0&html5_variability_discount=0.5&html5_min_secs_between_format_selections=8.0&html5_bmffparser_use_fast_read_string=true&html5_msi_error_fallback=true&tv_html5_bulleit_unify_adinfo=true&html5_elbow_tracking_tweaks=true&log_playback_associated_web=true&mweb_muted_autoplay=true&embeds_enable_smaller_watermark_on_mobile=true&html5_live_abr_head_miss_fraction=0.0&vss_dni_delayping=0&tvhtml5_yongle_quality_cap=0&html5_unrewrite_timestamps=true&bulleit_use_video_end_cuerange_for_completion=true&html5_subsegment_readahead_seek_latency_fudge=0.5&html5_release_mediakey_after_load=true&html5_widevine_robustness_strings=true&html5_log_hls_video_height_change_as_format_change=true&enable_bulleit_lidar_integration=true&variable_load_timeout_ms=0&enable_kevlar_action_companion_cleanup=true&html5_cut_vss_on_visibility=true&html5_variability_no_discount_thresh=1.0&html5_min_readbehind_cap_secs=60&dynamic_ad_break_pause_threshold_sec=0&spacecast_uniplayer_decorate_manifest=true&ima_disable_reset_active_media_load_timeout=true&html5_subsegment_readahead_min_load_speed=1.5&html5_vp9_live_blacklist_edge=true&html5_frame_accurate_seek_limit=3&html5_use_media_capabilities=true&html5_subsegment_readahead_load_speed_check_interval=0.5&html5_streaming_xhr_progress_includes_latest=true&html5_hls_initial_bitrate=0&allow_midrolls_on_watch_resume_in_bulleit=true&html5_maximum_readahead_seconds=0.0&html5_live_disable_dg_pacing=true&mweb_ios_handle_player_click_by_touch_event=true&tvhtml5_min_readbehind_secs=20&html5_probe_primary_delay_base_ms=0&segment_volume_reporting=true&html5_df_downgrade_thresh=0.2&html5_seeking_buffering_only_playing=true&enable_bulleit_mweb_remix_ui=true&fast_autonav_in_background=true&html5_disable_vp8_only_browsers=true&html5_log_playback_rate_change_killswitch=true&video_to_ad_use_gel=true&bulleit_register_placements_in_order=true&html5_no_placeholder_rollbacks=true&enable_bulleit_ve_single_clickthrough=true&html5_reuse_loader=true&html5_qoe_intercept=&use_ima_media_selection_in_bulleit=true&html5_peak_shave=true&player_unified_fullscreen_transitions=true&web_player_response_playback_tracking_parsing=true&html5_repredict_interval_secs=0.0&token=1&innertube_api_version=v1&csi_page_type=embed&innertube_context_client_version=1.20190313&account_playback_token=QUFFLUhqbEpHR3RsYmlvUU5WRUV0c19fNVV1ck5vaHZIZ3xBQ3Jtc0trUkNoeWMzQ2lXMWpPM1EtT0M4emZueHlWclJQeklOb24yRTlsLTFZUE9KUUtFWjdMZVUyS0dpa0RGaGxQd2xRN0t0LUJpS0JVNXpBellsR294M2tQUkVNUnBFVVJybDN5MW00Q3FWNFVSOGhweXZtUQ==&ucid=UCiCiuUVpQ2vSYn1EmENGCmA&loudness=-25.6590003967&ldpj=-24&t=1
StateGameplay.hx:1143: there are 6 keys
StateGameplay.hx:1149: exit disabled
Button.hx:396: fired goal
RCCar.hx:365: touched wall
Dialog.hx:699: player speaking
Button.hx:259: map dialog: char1OK, let's get this over with.:)#First these orbs... then we go.#char2That sounds like a plan. A pretty good one, I might add...#How come you always have such great ideas?#char1Your sarcasm chip is working...:|#char2Glad to be at your service, human.
Button.hx:260: trigger to finish is now: null
Dialog.hx:403: blah
Dialog.hx:403: blah
Button.hx:521: ship playing: fly_off
Button.hx:529: killing after ,3.9735
PlayerUtils.hx:823: facial expression is happy
Dialog.hx:403: blah
Dialog.hx:699: player speaking
Dialog.hx:403: blah
Dialog.hx:403: blah
Dialog.hx:403: blah
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
Item.hx:506: picked gun ammo is: ,10
PlayerUtils.hx:823: facial expression is suspicious_long
Dialog.hx:699: player speaking
Dialog.hx:403: blah
Dialog.hx:403: blah
Dialog.hx:403: blah
Dialog.hx:403: blah
ItemDispenser.hx:123: weapon already present!
RCCar.hx:365: touched wall
Item.hx:469: out of bounds!
Player.hx:869: WARNING: attacker is null!
Player.hx:869: WARNING: attacker is null!
Button.hx:259: map dialog: char2Planning counter measures to preserve your finite life...#My system indicates that users of this creature must be on top, at all times.
Button.hx:260: trigger to finish is now: null
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
PlayerUtils.hx:823: facial expression is happy
Button.hx:607: jump
Button.hx:607: jump
Button.hx:607: jump
Button.hx:607: jump
Button.hx:607: jump
Button.hx:259: map dialog: char2Congratulations, you are still alive.
Button.hx:260: trigger to finish is now: null
Button.hx:607: jump
Button.hx:607: jump
RCCar.hx:365: touched wall
Button.hx:607: jump
Button.hx:607: jump
Button.hx:423: added quest
StateInventory.hx:451: there are 2 weapons
StateInventory.hx:881: SAVED! owned weapons are  [18]
StateInventory.hx:881: SAVED! owned weapons are  [18,17]
Registry.hx:302: already played today
Registry.hx:321: today is Thursday
Registry.hx:340: owned_weapons restored from save [18,17]
Registry.hx:371: Registry.init()
Utils.hx:861: fade from
FlxMenu.hx:284: Warning: Can't find element with SID "extra" on page "options"
StateMenu.hx:601: SETENTIA [17 waves]
AL lib: (EE) alc_cleanup: 1 device not closed
a
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data
Error after opening sound data

sca.log version 47

0022:fixme:ver:GetCurrentPackageId (0x108fecc (nil)): stub
002d:fixme:win:RegisterDeviceNotificationW (hwnd=0x1004e, filter=0x1a2fdc0,flags=0x00000000) returns a fake device notification handle!
0009:fixme:win:RegisterTouchWindow (0x10050 00000003): stub
0009:fixme:wgl:X11DRV_wglChoosePixelFormatARB unused pfAttribFList
0009:fixme:imm:ImmReleaseContext (0x10050, 0x1f5468): stub
0009:fixme:msctf:ThreadMgr_ActivateEx Unimplemented flags 0x4
0009:fixme:msctf:ThreadMgrSource_AdviseSink (0x1f53d0) Unhandled Sink: {ea1ea136-19df-11d7-a6d2-00065b84435c}
0009:fixme:imm:NotifyIME NI_CLOSECANDIDATE
0009:fixme:msctf:ThreadMgrSource_AdviseSink (0x1f53d0) Unhandled Sink: {ea1ea136-19df-11d7-a6d2-00065b84435c}
Sound.hx:119: Error: Could not load "this_should_fail"
0036:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),0,3,(nil),0,(nil)) - stub!
003a:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),0,3,(nil),0,(nil)) - stub!
003c:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),0,3,(nil),0,(nil)) - stub!
Main.hx:171: CPU: unknown


Main.hx:172: GPU: unknown


wine: Unhandled page fault on read access to 0x00000000 at address 0xbcc987 (thread 0009), starting debugger...
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code (0x00bcc987).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:00bcc987 ESP:0033f8c0 EBP:0033f9d4 EFLAGS:00210246(  R- --  I  Z- -P- )
 EAX:00000000 EBX:01d6c2f0 ECX:00000000 EDX:00cd6538
 ESI:00000007 EDI:00c7df24
Stack dump:
0x0033f8c0:  00000001 00c832c4 0000000c 01d6c2f0
0x0033f8d0:  0000000e 01d71c34 01d71b4c 0000000c
0x0033f8e0:  01d71c20 01d71c48 0000000e 01d71b38
0x0033f8f0:  01445f00 0000000c 01d71b24 00000000
0x0033f900:  0fafacf5 01445ed0 014608f4 015e9160
0x0033f910:  00000007 00cd6534 00000007 00cd6534
Backtrace:
=>0 0x00bcc987 in super cute alien (+0x7cc987) (0x0033f9d4)
  1 0x00bcbf8e in super cute alien (+0x7cbf8d) (0x0033f9f4)
  2 0x00bcb3a1 in super cute alien (+0x7cb3a0) (0x0033fa0c)
  3 0x00c0f092 in super cute alien (+0x80f091) (0x0033fa20)
  4 0x00be58bb in super cute alien (+0x7e58ba) (0x0033fa54)
  5 0x00bd876a in super cute alien (+0x7d8769) (0x0033fa6c)
  6 0x00bd945c in super cute alien (+0x7d945b) (0x0033fa8c)
  7 0x00bd8ff3 in super cute alien (+0x7d8ff2) (0x0033faac)
  8 0x00bcf71d in super cute alien (+0x7cf71c) (0x0033facc)
  9 0x00bd9405 in super cute alien (+0x7d9404) (0x0033faf8)
  10 0x00bcfe80 in super cute alien (+0x7cfe7f) (0x0033fb2c)
  11 0x00bcb3e1 in super cute alien (+0x7cb3e0) (0x0033fb44)
  12 0x00c0e9ad in super cute alien (+0x80e9ac) (0x0033fb54)
  13 0x00b48123 in super cute alien (+0x748122) (0x0033fb78)
  14 0x00be6736 in super cute alien (+0x7e6735) (0x0033fbec)
  15 0x00be638d in super cute alien (+0x7e638c) (0x0033fbfc)
  16 0x00bde525 in super cute alien (+0x7de524) (0x0033fc54)
  17 0x00bdd306 in super cute alien (+0x7dd305) (0x0033fc64)
  18 0x00bed0a8 in super cute alien (+0x7ed0a7) (0x0033fc78)
  19 0x10041620 in lime-legacy.ndll (+0x4161f) (0x0033fc8c)
  20 0x10006fd5 in lime-legacy.ndll (+0x6fd4) (0x0033fcf4)
  21 0x1004176a in lime-legacy.ndll (+0x41769) (0x0033fd30)
  22 0x00bfe465 in super cute alien (+0x7fe464) (0x0033fd50)
  23 0x00c0db67 in super cute alien (+0x80db66) (0x0033fd7c)
  24 0x00bdd55b in super cute alien (+0x7dd55a) (0x0033fde4)
  25 0x00be649f in super cute alien (+0x7e649e) (0x0033fe38)
  26 0x00be88d0 in super cute alien (+0x7e88cf) (0x0033fe74)
  27 0x00c18bf8 in super cute alien (+0x818bf7) (0x0033fec0)
  28 0x7b461482 call_process_entry+0x11() in kernel32 (0x0033fed8)
  29 0x7b462be6 start_process+0x105() in kernel32 (0x0033ffd8)
  30 0x7b46148e start_process_wrapper+0x9() in kernel32 (0x0033ffec)
0x00bcc987: movl	0x0(%ecx),%eax
Modules:
Module	Address			Debug info	Name (167 modules)
PE	  350000-  385000	Deferred        std
PE	  390000-  3c6000	Deferred        regexp
PE	  3d0000-  3f6000	Deferred        zlib
PE	  400000-  f90000	Export          super cute alien
PE	 16f0000- 170f000	Deferred        systools.ndll
PE	10000000-10493000	Export          lime-legacy.ndll
ELF	78d3f000-7a800000	Deferred        libnvidia-glcore.so.415.27
ELF	7a800000-7a93f000	Deferred        opengl32<elf>
  \-PE	7a820000-7a93f000	\               opengl32
ELF	7aa29000-7aa74000	Deferred        dsound<elf>
  \-PE	7aa30000-7aa74000	\               dsound
ELF	7aa74000-7aa9d000	Deferred        winepulse<elf>
  \-PE	7aa80000-7aa9d000	\               winepulse
ELF	7b071000-7b09c000	Deferred        libpng12.so.0
ELF	7b0be000-7b0e1000	Deferred        mmdevapi<elf>
  \-PE	7b0c0000-7b0e1000	\               mmdevapi
ELF	7b2e6000-7b400000	Deferred        libglx_nvidia.so.0
ELF	7b400000-7b7ea000	Export          kernel32<elf>
  \-PE	7b420000-7b7ea000	\               kernel32
ELF	7b82d000-7b864000	Deferred        msctf<elf>
  \-PE	7b830000-7b864000	\               msctf
ELF	7b864000-7b8c3000	Deferred        libgldispatch.so.0
ELF	7b8c3000-7b8e6000	Deferred        libglx.so.0
ELF	7b8e6000-7b947000	Deferred        libgl.so.1
ELF	7b98c000-7b9f9000	Deferred        setupapi<elf>
  \-PE	7b9a0000-7b9f9000	\               setupapi
ELF	7b9f9000-7ba85000	Deferred        libvorbisenc.so.2
ELF	7ba85000-7bae4000	Deferred        libflac.so.8
ELF	7bae4000-7bb73000	Deferred        libsndfile.so.1
ELF	7bb73000-7bc00000	Deferred        libpulsecommon-11.1.so
ELF	7bc00000-7bd14000	Deferred        ntdll<elf>
  \-PE	7bc10000-7bd14000	\               ntdll
ELF	7bd29000-7bd54000	Deferred        libvorbis.so.0
ELF	7bd54000-7bd99000	Deferred        libxkbcommon.so.0
ELF	7bd99000-7bebc000	Deferred        libasound.so.2
ELF	7bebc000-7c000000	Deferred        libsdl2-2.0.so.0
ELF	7c000000-7c004000	Deferred        <wine-loader>
ELF	7c011000-7c02a000	Deferred        hid<elf>
  \-PE	7c020000-7c02a000	\               hid
ELF	7c02a000-7c033000	Deferred        libogg.so.0
ELF	7c033000-7c03a000	Deferred        libasyncns.so.0
ELF	7c03a000-7c045000	Deferred        libwrap.so.0
ELF	7c045000-7c053000	Deferred        libwayland-client.so.0
ELF	7c053000-7c060000	Deferred        libxrandr.so.2
ELF	7c060000-7c0ba000	Deferred        libpulse.so.0
ELF	7c0bb000-7c0c0000	Deferred        libnvidia-tls.so.415.27
ELF	7c0c7000-7c0e8000	Deferred        libudev.so.1
ELF	7c0e8000-7c0ff000	Deferred        xinput1_4<elf>
  \-PE	7c0f0000-7c0ff000	\               xinput1_4
ELF	7c0ff000-7c14d000	Deferred        dinput8<elf>
  \-PE	7c110000-7c14d000	\               dinput8
ELF	7c16f000-7c187000	Deferred        libgpg-error.so.0
ELF	7c187000-7c268000	Deferred        libgcrypt.so.20
ELF	7c268000-7c294000	Deferred        liblzma.so.5
ELF	7c294000-7c324000	Deferred        libsystemd.so.0
ELF	7c324000-7c400000	Deferred        libkrb5.so.3
ELF	7c407000-7c419000	Deferred        libsndio.so.6.1
ELF	7c419000-7c42f000	Deferred        liblz4.so.1
ELF	7c42f000-7c48a000	Deferred        libdbus-1.so.3
ELF	7c48a000-7c497000	Deferred        libkrb5support.so.0
ELF	7c497000-7c4cc000	Deferred        libk5crypto.so.3
ELF	7c4cc000-7c4e0000	Deferred        libavahi-client.so.3
ELF	7c4e0000-7c4ee000	Deferred        libavahi-common.so.3
ELF	7c4ee000-7c542000	Deferred        libgssapi_krb5.so.2
ELF	7c542000-7c5d5000	Deferred        libcups.so.2
ELF	7c5d5000-7c5de000	Deferred        libwayland-cursor.so.0
ELF	7c602000-7c61a000	Deferred        shcore<elf>
  \-PE	7c610000-7c61a000	\               shcore
ELF	7c61a000-7c621000	Deferred        libxfixes.so.3
ELF	7c621000-7c62d000	Deferred        libxcursor.so.1
ELF	7c72d000-7c739000	Deferred        libxrender.so.1
ELF	7c739000-7c74c000	Deferred        libxi.so.6
ELF	7c74c000-7c750000	Deferred        libxcomposite.so.1
ELF	7c750000-7c76b000	Deferred        libbsd.so.0
ELF	7c76b000-7c797000	Deferred        libxcb.so.1
ELF	7c797000-7c8e1000	Deferred        libx11.so.6
ELF	7c8e1000-7c974000	Deferred        winex11<elf>
  \-PE	7c8f0000-7c974000	\               winex11
ELF	7c974000-7d32e000	Deferred        shell32<elf>
  \-PE	7c980000-7d32e000	\               shell32
ELF	7d3a9000-7d3b0000	Deferred        libxxf86vm.so.1
ELF	7d3b0000-7d3b4000	Deferred        libxinerama.so.1
ELF	7d3b4000-7d3bb000	Deferred        libxdmcp.so.6
ELF	7d3bb000-7d3d0000	Deferred        libxext.so.6
ELF	7d3d0000-7d3d3000	Deferred        libwayland-egl.so.1
ELF	7d3d3000-7d3d7000	Deferred        libxss.so.1
ELF	7d3d7000-7d3dc000	Deferred        libkeyutils.so.1
ELF	7d3dc000-7d413000	Deferred        uxtheme<elf>
  \-PE	7d3e0000-7d413000	\               uxtheme
ELF	7d415000-7d45b000	Deferred        usp10<elf>
  \-PE	7d420000-7d45b000	\               usp10
ELF	7d45b000-7d595000	Deferred        comctl32<elf>
  \-PE	7d460000-7d595000	\               comctl32
ELF	7d595000-7d687000	Deferred        comdlg32<elf>
  \-PE	7d5a0000-7d687000	\               comdlg32
ELF	7d687000-7d6fd000	Deferred        shlwapi<elf>
  \-PE	7d690000-7d6fd000	\               shlwapi
ELF	7d6fd000-7d706000	Deferred        libffi.so.6
ELF	7d706000-7d738000	Deferred        libcrypt.so.1
ELF	7d738000-7d856000	Deferred        libsqlite3.so.0
ELF	7d856000-7d8a5000	Deferred        libhx509.so.5
ELF	7d8a5000-7d8b6000	Deferred        libheimbase.so.1
ELF	7d8b6000-7d8e0000	Deferred        libwind.so.0
ELF	7d8e0000-7d96b000	Deferred        libgmp.so.10
ELF	7d96b000-7d9a1000	Deferred        libhogweed.so.4
ELF	7d9a1000-7d9dd000	Deferred        libnettle.so.6
ELF	7d9dd000-7d9f2000	Deferred        libtasn1.so.6
ELF	7d9f2000-7db73000	Deferred        libunistring.so.2
ELF	7db73000-7db91000	Deferred        libidn2.so.0
ELF	7db91000-7dcdf000	Deferred        libp11-kit.so.0
ELF	7dcdf000-7dcf7000	Deferred        libroken.so.18
ELF	7dcf7000-7dd33000	Deferred        libhcrypto.so.4
ELF	7dd33000-7dd38000	Deferred        libcom_err.so.2
ELF	7dd38000-7ddeb000	Deferred        libasn1.so.8
ELF	7ddeb000-7de88000	Deferred        libkrb5.so.26
ELF	7de88000-7de92000	Deferred        libheimntlm.so.0
ELF	7de92000-7e028000	Deferred        libgnutls.so.30
ELF	7e028000-7e06f000	Deferred        libgssapi.so.3
ELF	7e06f000-7e08d000	Deferred        libsasl2.so.2
ELF	7e08d000-7e0a5000	Deferred        libresolv.so.2
ELF	7e0a5000-7e0b5000	Deferred        liblber-2.4.so.2
ELF	7e0b5000-7e111000	Deferred        libldap_r-2.4.so.2
ELF	7e112000-7e116000	Deferred        libxau.so.6
ELF	7e116000-7e156000	Deferred        winspool<elf>
  \-PE	7e120000-7e156000	\               winspool
ELF	7e156000-7e1b0000	Deferred        wldap32<elf>
  \-PE	7e160000-7e1b0000	\               wldap32
ELF	7e1b0000-7e1ea000	Deferred        ws2_32<elf>
  \-PE	7e1c0000-7e1ea000	\               ws2_32
ELF	7e1ea000-7e31b000	Deferred        oleaut32<elf>
  \-PE	7e200000-7e31b000	\               oleaut32
ELF	7e31b000-7e346000	Deferred        msacm32<elf>
  \-PE	7e320000-7e346000	\               msacm32
ELF	7e346000-7e3fe000	Deferred        winmm<elf>
  \-PE	7e350000-7e3fe000	\               winmm
ELF	7e3fe000-7e47d000	Deferred        rpcrt4<elf>
  \-PE	7e410000-7e47d000	\               rpcrt4
ELF	7e47d000-7e5d6000	Deferred        ole32<elf>
  \-PE	7e490000-7e5d6000	\               ole32
ELF	7e5d6000-7e5fb000	Deferred        imm32<elf>
  \-PE	7e5e0000-7e5fb000	\               imm32
ELF	7e70f000-7e741000	Deferred        libexpat.so.1
ELF	7e741000-7e78e000	Deferred        libfontconfig.so.1
ELF	7e78e000-7e7c8000	Deferred        libpng16.so.16
ELF	7e7c8000-7e885000	Deferred        libfreetype.so.6
ELF	7e8ca000-7e943000	Deferred        advapi32<elf>
  \-PE	7e8e0000-7e943000	\               advapi32
ELF	7e943000-7ea70000	Deferred        gdi32<elf>
  \-PE	7e950000-7ea70000	\               gdi32
ELF	7ea70000-7ec72000	Deferred        user32<elf>
  \-PE	7ea80000-7ec72000	\               user32
ELF	7ee72000-7ee86000	Deferred        libnss_files.so.2
ELF	7ee86000-7eea1000	Deferred        libnsl.so.1
ELF	7eea1000-7eeaf000	Deferred        libnss_nis.so.2
ELF	7eeaf000-7eeb9000	Deferred        libnss_compat.so.2
ELF	7eeb9000-7efbb000	Deferred        libm.so.6
ELF	7efbe000-7efc7000	Deferred        libuuid.so.1
ELF	7efc7000-7efe6000	Deferred        libz.so.1
ELF	7efe6000-7f000000	Deferred        version<elf>
  \-PE	7eff0000-7f000000	\               version
ELF	f7b12000-f7b17000	Deferred        libdl.so.2
ELF	f7b17000-f7cf3000	Deferred        libc.so.6
ELF	f7cf3000-f7d12000	Deferred        libpthread.so.0
ELF	f7d16000-f7d20000	Deferred        librt.so.1
ELF	f7d57000-f7f0e000	Export          libwine.so.1
ELF	f7f10000-f7f38000	Deferred        ld-linux.so.2
ELF	f7f3b000-f7f3d000	Deferred        [vdso].so
Threads:
process  tid      prio (all id:s are in hex)
00000008 (D) C:\users\steamuser\Application Data\itch\apps\super-cute-alien\SUPER Cute Alien.exe
	00000032   15
	00000031    0
	00000030   15
	0000002f    0
	0000002e    0
	0000002d    0
	0000002c    0
	0000002b    0
	00000025    0
	00000024    0
	00000023    0
	00000022    0
	00000009    0 <==
0000000c services.exe
	0000001e    0
	00000019    0
	00000013    0
	00000012    0
	00000011    0
	0000000e    0
	0000000d    0
0000000f winedevice.exe
	00000016    0
	00000015    0
	00000014    0
	00000010    0
00000017 plugplay.exe
	0000001b    0
	0000001a    0
	00000018    0
0000001c winedevice.exe
	00000021    0
	00000020    0
	0000001f    0
	0000001d    0
00000026 explorer.exe
	0000002a    0
	00000029    0
	00000028    0
	00000027    0
System information:
    Wine build: wine-3.16
    Platform: i386 (WOW64)
    Version: Windows 7
    Host system: Linux
    Host version: 4.18.0-16-generic

sca.log version 49

0009:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError"
0009:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32"
0009:Call KERNEL32.__wine_kernel_init() ret=7bc89847
000b:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError"
000b:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32"
000b:Call KERNEL32.__wine_kernel_init() ret=7bc85261
000b:Ret  KERNEL32.__wine_kernel_init() retval=7b47d405 ret=7bc85261
000b:Call PE DLL (proc=0x7bce4adf,module=0x7bc40000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x24fb00)
000b:Ret  PE DLL (proc=0x7bce4adf,module=0x7bc40000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
000b:Call PE DLL (proc=0x7b4a9bd0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
000b:Ret  PE DLL (proc=0x7b4a9bd0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
000b:Call PE DLL (proc=0x7f7663c901d4,module=0x7f7663c40000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
000b:Ret  PE DLL (proc=0x7f7663c901d4,module=0x7f7663c40000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
000b:Call PE DLL (proc=0x7f7665b34699,module=0x7f7665b30000 L"wow64cpu.dll",reason=PROCESS_ATTACH,res=0x24fb00)
000b:Call ntdll.LdrDisableThreadCalloutsForDll(7f7665b30000) ret=7f7665b34692
000b:Ret  ntdll.LdrDisableThreadCalloutsForDll() retval=00000000 ret=7f7665b34692
000b:Ret  PE DLL (proc=0x7f7665b34699,module=0x7f7665b30000 L"wow64cpu.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
000b:Starting process L"C:\\windows\\system32\\wineboot.exe" (entryproc=0x7f7665b10401)
000b:fixme:winediag:start_process Wine Staging 4.3 is a testing version containing experimental patches.
000b:fixme:winediag:start_process Please mention your exact version when filing bug reports on winehq.org.
000b:Call KERNEL32.GetWindowsDirectoryW(7f7665b229e0,00000104) ret=7f7665b0b7da
000b:Ret  KERNEL32.GetWindowsDirectoryW() retval=0000000a ret=7f7665b0b7da
000b:Call KERNEL32.SetCurrentDirectoryW(7f7665b229e0 L"C:\\windows") ret=7f7665b0b7e6
000b:Ret  KERNEL32.SetCurrentDirectoryW() retval=00000001 ret=7f7665b0b7e6
000b:Call KERNEL32.IsWow64Process(ffffffffffffffff,0024ed28) ret=7f7665b0b80b
000b:Ret  KERNEL32.IsWow64Process() retval=00000001 ret=7f7665b0b80b
000b:Call KERNEL32.ResetEvent(00000020) ret=7f7665b0b97a
000b:Ret  KERNEL32.ResetEvent() retval=00000001 ret=7f7665b0b97a
000b:Call KERNEL32.GetSystemDirectoryW(0024f430,00000104) ret=7f7665b0b98f
000b:Ret  KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7f7665b0b98f
000b:Call KERNEL32.LoadLibraryA(7f7665b1ae5c "shlwapi.dll") ret=7f7665b103df
000b:Call PE DLL (proc=0x7f7663885fe2,module=0x7f76637f0000 L"gdi32.dll",reason=PROCESS_ATTACH,res=(nil))
000b:Ret  PE DLL (proc=0x7f7663885fe2,module=0x7f76637f0000 L"gdi32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
000b:Call PE DLL (proc=0x7f766453a721,module=0x7f7664530000 L"version.dll",reason=PROCESS_ATTACH,res=(nil))
000b:Call KERNEL32.DisableThreadLibraryCalls(7f7664530000) ret=7f766453a859
000b:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f766453a859
000b:Ret  PE DLL (proc=0x7f766453a721,module=0x7f7664530000 L"version.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
000b:Call PE DLL (proc=0x7f7663a20449,module=0x7f7663970000 L"user32.dll",reason=PROCESS_ATTACH,res=(nil))
000b:Call PE DLL (proc=0x7f766451bce5,module=0x7f7664500000 L"imm32.dll",reason=PROCESS_ATTACH,res=(nil))
000b:Call user32.User32InitializeImmEntryTable(19650412) ret=7f7664519858
000b:Ret  user32.User32InitializeImmEntryTable() retval=00000001 ret=7f7664519858
000b:Ret  PE DLL (proc=0x7f766451bce5,module=0x7f7664500000 L"imm32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
000b:Ret  PE DLL (proc=0x7f7663a20449,module=0x7f7663970000 L"user32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
000b:Call PE DLL (proc=0x7f7663bf885b,module=0x7f7663bb0000 L"shlwapi.dll",reason=PROCESS_ATTACH,res=(nil))
000b:Call KERNEL32.DisableThreadLibraryCalls(7f7663bb0000) ret=7f7663be8010
000b:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f7663be8010
000b:Ret  PE DLL (proc=0x7f7663bf885b,module=0x7f7663bb0000 L"shlwapi.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
000b:Ret  KERNEL32.LoadLibraryA() retval=7f7663bb0000 ret=7f7665b103df
000b:Call KERNEL32.GetProcAddress(7f7663bb0000,7f7665b1aee4 "PathFileExistsW") ret=7f7665b103c0
000b:Ret  KERNEL32.GetProcAddress() retval=7f7663bc33f4 ret=7f7665b103c0
000b:Call shlwapi.PathFileExistsW(0024f430 L"C:\\.windows-serial") ret=7f7665b0b9f4
000b:Call KERNEL32.SetErrorMode(00000001) ret=7f7663bd8a00
000b:Ret  KERNEL32.SetErrorMode() retval=00000000 ret=7f7663bd8a00
000b:Call KERNEL32.GetFileAttributesW(0024f430 L"C:\\.windows-serial") ret=7f7663bd8a0a
000b:Ret  KERNEL32.GetFileAttributesW() retval=00000020 ret=7f7663bd8a0a
000b:Call KERNEL32.SetErrorMode(00000000) ret=7f7663bd8a13
000b:Ret  KERNEL32.SetErrorMode() retval=00000001 ret=7f7663bd8a13
000b:Ret  shlwapi.PathFileExistsW() retval=00000001 ret=7f7665b0b9f4
000b:Call ntdll.NtQuerySystemInformation(00000001,0024ed90,0000000c,00000000) ret=7f7665b0bd1a
000b:Ret  ntdll.NtQuerySystemInformation() retval=00000000 ret=7f7665b0bd1a
000b:Call ntdll.RtlAllocateHeap(00030000,00000000,00000060) ret=7f7665b0bd34
000b:Ret  ntdll.RtlAllocateHeap() retval=00035eb0 ret=7f7665b0bd34
000b:Call ntdll.NtPowerInformation(0000000b,00000000,00000000,00035eb0,00000060) ret=7f7665b0bd57
000b:Ret  ntdll.NtPowerInformation() retval=00000000 ret=7f7665b0bd57
000b:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f7665b11d60 L"Hardware\\Description\\System",00000000,00000000,00000001,000f003f,00000000,0024ed40,00000000) ret=7f7665b0bde5
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0bde5
000b:Call advapi32.RegSetValueExW(00000068,7f7665b11d30 L"Identifier",00000000,00000001,7f7665b11cd0,0000001c) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegCreateKeyExW(00000068,7f7665b11ca0 L"FloatingPointProcessor",00000000,00000000,00000001,000f003f,00000000,0024ed70,00000000) ret=7f7665b0be7e
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0be7e
000b:Call advapi32.RegCreateKeyExW(00000068,7f7665b11c60 L"CentralProcessor",00000000,00000000,00000001,000f003f,00000000,0024ed48,00000000) ret=7f7665b0bed7
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0bed7
000b:Call advapi32.RegCreateKeyExW(00000070,0024ee00 L"0",00000000,00000000,00000001,000f003f,00000000,0024ed38,00000000) ret=7f7665b0bfe0
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0bfe0
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11c30 L"FeatureSet",00000000,00000004,0024ed98,00000004) ret=7f7665b0c01a
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c01a
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11d30 L"Identifier",00000000,00000001,0024f430,0000004a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11c00 L"ProcessorNameString",00000000,00000001,0024f220,00000060) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11bc0 L"VendorIdentifier",00000000,00000001,0024f010,0000001a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11ba8 L"~MHz",00000000,00000004,00035eb4,00000004) ret=7f7665b0c09c
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c09c
000b:Call advapi32.RegCloseKey(00000074) ret=7f7665b0c0a9
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c0a9
000b:Call advapi32.RegCreateKeyExW(0000006c,0024ee00 L"0",00000000,00000000,00000001,000f003f,00000000,0024ed38,00000000) ret=7f7665b0bf72
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0bf72
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11d30 L"Identifier",00000000,00000001,0024f430,0000004a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegCloseKey(00000074) ret=7f7665b0d696
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0d696
000b:Call advapi32.RegCreateKeyExW(00000070,0024ee00 L"1",00000000,00000000,00000001,000f003f,00000000,0024ed38,00000000) ret=7f7665b0bfe0
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0bfe0
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11c30 L"FeatureSet",00000000,00000004,0024ed98,00000004) ret=7f7665b0c01a
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c01a
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11d30 L"Identifier",00000000,00000001,0024f430,0000004a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11c00 L"ProcessorNameString",00000000,00000001,0024f220,00000060) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11bc0 L"VendorIdentifier",00000000,00000001,0024f010,0000001a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11ba8 L"~MHz",00000000,00000004,00035ecc,00000004) ret=7f7665b0c09c
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c09c
000b:Call advapi32.RegCloseKey(00000074) ret=7f7665b0c0a9
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c0a9
000b:Call advapi32.RegCreateKeyExW(0000006c,0024ee00 L"1",00000000,00000000,00000001,000f003f,00000000,0024ed38,00000000) ret=7f7665b0bf72
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0bf72
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11d30 L"Identifier",00000000,00000001,0024f430,0000004a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegCloseKey(00000074) ret=7f7665b0d696
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0d696
000b:Call advapi32.RegCreateKeyExW(00000070,0024ee00 L"2",00000000,00000000,00000001,000f003f,00000000,0024ed38,00000000) ret=7f7665b0bfe0
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0bfe0
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11c30 L"FeatureSet",00000000,00000004,0024ed98,00000004) ret=7f7665b0c01a
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c01a
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11d30 L"Identifier",00000000,00000001,0024f430,0000004a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11c00 L"ProcessorNameString",00000000,00000001,0024f220,00000060) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11bc0 L"VendorIdentifier",00000000,00000001,0024f010,0000001a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11ba8 L"~MHz",00000000,00000004,00035ee4,00000004) ret=7f7665b0c09c
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c09c
000b:Call advapi32.RegCloseKey(00000074) ret=7f7665b0c0a9
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c0a9
000b:Call advapi32.RegCreateKeyExW(0000006c,0024ee00 L"2",00000000,00000000,00000001,000f003f,00000000,0024ed38,00000000) ret=7f7665b0bf72
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0bf72
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11d30 L"Identifier",00000000,00000001,0024f430,0000004a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegCloseKey(00000074) ret=7f7665b0d696
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0d696
000b:Call advapi32.RegCreateKeyExW(00000070,0024ee00 L"3",00000000,00000000,00000001,000f003f,00000000,0024ed38,00000000) ret=7f7665b0bfe0
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0bfe0
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11c30 L"FeatureSet",00000000,00000004,0024ed98,00000004) ret=7f7665b0c01a
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c01a
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11d30 L"Identifier",00000000,00000001,0024f430,0000004a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11c00 L"ProcessorNameString",00000000,00000001,0024f220,00000060) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11bc0 L"VendorIdentifier",00000000,00000001,0024f010,0000001a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11ba8 L"~MHz",00000000,00000004,00035efc,00000004) ret=7f7665b0c09c
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c09c
000b:Call advapi32.RegCloseKey(00000074) ret=7f7665b0c0a9
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c0a9
000b:Call advapi32.RegCreateKeyExW(0000006c,0024ee00 L"3",00000000,00000000,00000001,000f003f,00000000,0024ed38,00000000) ret=7f7665b0bf72
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0bf72
000b:Call advapi32.RegSetValueExW(00000074,7f7665b11d30 L"Identifier",00000000,00000001,0024f430,0000004a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegCloseKey(00000074) ret=7f7665b0d696
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0d696
000b:Call advapi32.RegCloseKey(0000006c) ret=7f7665b0c0c0
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c0c0
000b:Call advapi32.RegCloseKey(00000070) ret=7f7665b0c0cd
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c0cd
000b:Call advapi32.RegCloseKey(00000068) ret=7f7665b0c0da
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c0da
000b:Call ntdll.RtlFreeHeap(00030000,00000000,00035eb0) ret=7f7665b0c0f1
000b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f7665b0c0f1
000b:Call advapi32.RegCreateKeyExW(ffffffff80000006,7f7665b11b20 L"PerfStats\\StatData",00000000,00000000,00000000,00020006,00000000,0024ed70,00000000) ret=7f7665b0c136
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0c136
000b:Call advapi32.RegCloseKey(00000070) ret=7f7665b0c8d2
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c8d2
000b:Call advapi32.RegCreateKeyExW(ffffffff80000006,7f7665b11ae0 L"Config Manager\\Enum",00000000,00000000,00000000,00020006,00000000,0024ed70,00000000) ret=7f7665b0c183
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0c183
000b:Call advapi32.RegCreateKeyExW(00000070,7f7665b22620 L"C29A23D0",00000000,00000000,00000000,00020006,00000000,0024ed90,00000000) ret=7f7665b0c209
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0c209
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11ab0 L"HardWareKey",00000000,00000001,7f7665b22632,0000001a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11aa0 L"Problem",00000000,00000003,7f7665b226b2,00000004) ret=7f7665b0c25a
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c25a
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a88 L"Status",00000000,00000003,7f7665b226b6,00000004) ret=7f7665b0c288
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c288
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a70 L"Allocation",00000000,00000003,7f7665b226ba,0000000c) ret=7f7665b0c2bc
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c2bc
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a60 L"Child",00000000,00000003,7f7665b226c6,00000004) ret=7f7665b0c2f0
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c2f0
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a50 L"Sibling",00000000,00000003,7f7665b226ca,00000004) ret=7f7665b0c324
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c324
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a40 L"Parent",00000000,00000003,7f7665b226ce,00000004) ret=7f7665b0c358
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c358
000b:Call advapi32.RegCloseKey(0000006c) ret=7f7665b0c365
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c365
000b:Call advapi32.RegCreateKeyExW(00000070,7f7665b226d2 L"C29A5A40",00000000,00000000,7f7600000000,00020006,00000000,0024ed90,00000000) ret=7f7665b0c209
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0c209
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11ab0 L"HardWareKey",00000000,00000001,7f7665b226e4,00000022) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11aa0 L"Problem",00000000,00000003,7f7665b22764,00000004) ret=7f7665b0c25a
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c25a
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a88 L"Status",00000000,00000003,7f7665b22768,00000004) ret=7f7665b0c288
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c288
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a70 L"Allocation",00000000,00000003,7f7665b2276c,0000000c) ret=7f7665b0c2bc
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c2bc
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a60 L"Child",00000000,00000003,7f7665b22778,00000004) ret=7f7665b0c2f0
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c2f0
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a50 L"Sibling",00000000,00000003,7f7665b2277c,00000004) ret=7f7665b0c324
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c324
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a40 L"Parent",00000000,00000003,7f7665b22780,00000004) ret=7f7665b0c358
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c358
000b:Call advapi32.RegCloseKey(0000006c) ret=7f7665b0c365
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c365
000b:Call advapi32.RegCreateKeyExW(00000070,7f7665b22784 L"C29A5C60",00000000,00000000,7f7600000000,00020006,00000000,0024ed90,00000000) ret=7f7665b0c209
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0c209
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11ab0 L"HardWareKey",00000000,00000001,7f7665b22796,0000001c) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11aa0 L"Problem",00000000,00000003,7f7665b22816,00000004) ret=7f7665b0c25a
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c25a
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a88 L"Status",00000000,00000003,7f7665b2281a,00000004) ret=7f7665b0c288
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c288
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a70 L"Allocation",00000000,00000003,7f7665b2281e,0000000c) ret=7f7665b0c2bc
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c2bc
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a60 L"Child",00000000,00000003,7f7665b2282a,00000004) ret=7f7665b0c2f0
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c2f0
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a50 L"Sibling",00000000,00000003,7f7665b2282e,00000004) ret=7f7665b0c324
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c324
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a40 L"Parent",00000000,00000003,7f7665b22832,00000004) ret=7f7665b0c358
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c358
000b:Call advapi32.RegCloseKey(0000006c) ret=7f7665b0c365
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c365
000b:Call advapi32.RegCreateKeyExW(00000070,7f7665b22836 L"C29A5DC0",00000000,00000000,7f7600000000,00020006,00000000,0024ed90,00000000) ret=7f7665b0c209
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0c209
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11ab0 L"HardWareKey",00000000,00000001,7f7665b22848,00000036) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11aa0 L"Problem",00000000,00000003,7f7665b228c8,00000004) ret=7f7665b0c25a
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c25a
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a88 L"Status",00000000,00000003,7f7665b228cc,00000004) ret=7f7665b0c288
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c288
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a70 L"Allocation",00000000,00000003,7f7665b228d0,0000000c) ret=7f7665b0c2bc
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c2bc
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a60 L"Child",00000000,00000003,7f7665b228dc,00000004) ret=7f7665b0c2f0
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c2f0
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a50 L"Sibling",00000000,00000003,7f7665b228e0,00000004) ret=7f7665b0c324
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c324
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a40 L"Parent",00000000,00000003,7f7665b228e4,00000004) ret=7f7665b0c358
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c358
000b:Call advapi32.RegCloseKey(0000006c) ret=7f7665b0c365
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c365
000b:Call advapi32.RegCreateKeyExW(00000070,7f7665b228e8 L"C29A5F20",00000000,00000000,7f7600000000,00020006,00000000,0024ed90,00000000) ret=7f7665b0c209
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0c209
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11ab0 L"HardWareKey",00000000,00000001,7f7665b228fa,00000022) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11aa0 L"Problem",00000000,00000003,7f7665b2297a,00000004) ret=7f7665b0c25a
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c25a
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a88 L"Status",00000000,00000003,7f7665b2297e,00000004) ret=7f7665b0c288
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c288
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a70 L"Allocation",00000000,00000003,7f7665b22982,0000000c) ret=7f7665b0c2bc
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c2bc
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a60 L"Child",00000000,00000003,7f7665b2298e,00000004) ret=7f7665b0c2f0
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c2f0
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a50 L"Sibling",00000000,00000003,7f7665b22992,00000004) ret=7f7665b0c324
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c324
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11a40 L"Parent",00000000,00000003,7f7665b22996,00000004) ret=7f7665b0c358
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0c358
000b:Call advapi32.RegCloseKey(0000006c) ret=7f7665b0c365
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c365
000b:Call advapi32.RegCloseKey(00000070) ret=7f7665b0c37c
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c37c
000b:Call advapi32.RegCreateKeyW(ffffffff80000002,7f7665b119c0 L"System\\CurrentControlSet\\Control\\Session Manager\\Environment",0024ed70) ret=7f7665b0c394
000b:Ret  advapi32.RegCreateKeyW() retval=00000000 ret=7f7665b0c394
000b:Call ntdll.NtQuerySystemInformation(00000001,0024ed90,0000000c,00000000) ret=7f7665b0c70c
000b:Ret  ntdll.NtQuerySystemInformation() retval=00000000 ret=7f7665b0c70c
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11980 L"NUMBER_OF_PROCESSORS",00000000,00000001,0024f430,00000004) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11900 L"PROCESSOR_ARCHITECTURE",00000000,00000001,7f7665b11970,0000000c) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11860 L"PROCESSOR_IDENTIFIER",00000000,00000001,0024f430,00000066) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11840 L"PROCESSOR_LEVEL",00000000,00000001,0024f430,00000004) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegSetValueExW(0000006c,7f7665b11800 L"PROCESSOR_REVISION",00000000,00000001,0024f430,0000000a) ret=7f7665b0f5e4
000b:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f7665b0f5e4
000b:Call advapi32.RegCloseKey(0000006c) ret=7f7665b0c8c0
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0c8c0
000b:Call KERNEL32.GetPrivateProfileSectionW(7f7665b117e8 L"rename",0024f430,00000400,7f7665b117d0 L"wininit.ini") ret=7f7665b0c412
000b:Ret  KERNEL32.GetPrivateProfileSectionW() retval=00000000 ret=7f7665b0c412
000b:Call advapi32.RegOpenKeyExW(ffffffff80000002,7f7665b11720 L"System\\CurrentControlSet\\Control\\Session Manager",00000000,000f003f,0024ed90) ret=7f7665b0c482
000b:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7f7665b0c482
000b:Call advapi32.RegQueryValueExW(0000006c,7f7665b116e0 L"PendingFileRenameOperations",00000000,00000000,00000000,0024ed70) ret=7f7665b0d43f
000b:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f7665b0d43f
000b:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f7665b0d477
000b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f7665b0d477
000b:Call advapi32.RegCloseKey(0000006c) ret=7f7665b0d48d
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0d48d
000b:Call advapi32.RegOpenKeyW(ffffffff80000002,7f7665b11660 L"Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",0024ed90) ret=7f7665b0c4b2
000b:Ret  advapi32.RegOpenKeyW() retval=00000002 ret=7f7665b0c4b2
000b:Call advapi32.RegCloseKey(00000000) ret=7f7665b0c4c7
000b:Ret  advapi32.RegCloseKey() retval=00000006 ret=7f7665b0c4c7
000b:Call KERNEL32.GetSystemDirectoryW(00000000,00000000) ret=7f7665b0c4d0
000b:Ret  KERNEL32.GetSystemDirectoryW() retval=00000014 ret=7f7665b0c4d0
000b:Call ntdll.RtlAllocateHeap(00030000,00000000,00000040) ret=7f7665b0c4ee
000b:Ret  ntdll.RtlAllocateHeap() retval=00048990 ret=7f7665b0c4ee
000b:Call KERNEL32.GetSystemDirectoryW(00048990,00000014) ret=7f7665b0c4fc
000b:Ret  KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7f7665b0c4fc
000b:Call KERNEL32.FindFirstFileW(00048990 L"C:\\windows\\system32\\dllcache\\*",0024f430) ret=7f7665b0c543
000b:Ret  KERNEL32.FindFirstFileW() retval=ffffffffffffffff ret=7f7665b0c543
000b:Call KERNEL32.FindClose(ffffffffffffffff) ret=7f7665b0cac4
000b:Ret  KERNEL32.FindClose() retval=00000000 ret=7f7665b0cac4
000b:Call ntdll.RtlFreeHeap(00030000,00000000,00048990) ret=7f7665b0cadb
000b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f7665b0cadb
000b:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f7665b111e0 L"Software\\Microsoft\\Windows\\CurrentVersion",00000000,00000000,00000000,00020019,00000000,0024eb90,00000000) ret=7f7665b0fd0d
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0fd0d
000b:Call advapi32.RegCreateKeyExW(0000006c,7f7665b11ec0 L"RunServicesOnce",00000000,00000000,00000000,000f003f,00000000,0024eb98,0024eb70) ret=7f7665b0fd69
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0fd69
000b:Call advapi32.RegCloseKey(0000006c) ret=7f7665b0fd7a
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0fd7a
000b:Call advapi32.RegQueryInfoKeyW(00000070,00000000,00000000,00000000,00000000,00000000,00000000,0024eb74,0024eb7c,0024eb78,00000000,00000000) ret=7f7665b0feda
000b:Ret  advapi32.RegQueryInfoKeyW() retval=00000000 ret=7f7665b0feda
000b:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f7665b0fda8
000b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f7665b0fda8
000b:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f7665b0fdbf
000b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f7665b0fdbf
000b:Call advapi32.RegCloseKey(00000070) ret=7f7665b0fdd1
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0fdd1
000b:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f7665b111e0 L"Software\\Microsoft\\Windows\\CurrentVersion",00000000,00000000,00000000,00020019,00000000,0024eb90,00000000) ret=7f7665b0fd0d
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0fd0d
000b:Call advapi32.RegCreateKeyExW(0000006c,7f7665b11ea0 L"RunServices",00000000,00000000,00000000,00020019,00000000,0024eb98,0024eb70) ret=7f7665b0fd69
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0fd69
000b:Call advapi32.RegCloseKey(0000006c) ret=7f7665b0fd7a
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0fd7a
000b:Call advapi32.RegQueryInfoKeyW(00000070,00000000,00000000,00000000,00000000,00000000,00000000,0024eb74,0024eb7c,0024eb78,00000000,00000000) ret=7f7665b0feda
000b:Ret  advapi32.RegQueryInfoKeyW() retval=00000000 ret=7f7665b0feda
000b:Call ntdll.RtlAllocateHeap(00030000,00000000,0000005c) ret=7f7665b0ff74
000b:Ret  ntdll.RtlAllocateHeap() retval=00048990 ret=7f7665b0ff74
000b:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7f7665b0ffa9
000b:Ret  ntdll.RtlAllocateHeap() retval=00048a00 ret=7f7665b0ffa9
000b:Call advapi32.RegEnumValueW(00000070,00000000,00048a00,0024eb80,00000000,0024eb88,00048990,0024eb84) ret=7f7665b1005c
000b:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7f7665b1005c
000b:Call KERNEL32.CreateProcessW(00000000,00048990 L"C:\\windows\\system32\\winemenubuilder.exe -a -r",00000000,00000000,00000000,00000000,00000000,00000000,0024ebc0,0024eba0) ret=7f7665b1016d
000b:Ret  KERNEL32.CreateProcessW() retval=00000000 ret=7f7665b1016d
000b:err:wineboot:ProcessRunKeys Error running cmd L"C:\\windows\\system32\\winemenubuilder.exe -a -r" (2)
000b:Call ntdll.RtlFreeHeap(00030000,00000000,00048a00) ret=7f7665b0fda8
000b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f7665b0fda8
000b:Call ntdll.RtlFreeHeap(00030000,00000000,00048990) ret=7f7665b0fdbf
000b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f7665b0fdbf
000b:Call advapi32.RegCloseKey(00000070) ret=7f7665b0fdd1
000b:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f7665b0fdd1
000b:Call KERNEL32.GetSystemDirectoryW(0024f430,000000f7) ret=7f7665b0cb52
000b:Ret  KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7f7665b0cb52
000b:Call KERNEL32.CreateProcessW(0024f430 L"C:\\windows\\system32\\services.exe",0024f430 L"C:\\windows\\system32\\services.exe",00000000,00000000,00000001,00000008,00000000,00000000,0024ed90,0024ed70) ret=7f7665b0cbf7
000d:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError"
000d:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32"
000d:Call KERNEL32.__wine_kernel_init() ret=7bc85261
000d:Ret  KERNEL32.__wine_kernel_init() retval=7b47d405 ret=7bc85261
000b:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=7f7665b0cbf7
000b:Call KERNEL32.CloseHandle(00000078) ret=7f7665b0da92
000b:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7f7665b0da92
000b:Call KERNEL32.WaitForMultipleObjects(00000002,0024f220,00000000,ffffffff) ret=7f7665b0dad4
000d:Call PE DLL (proc=0x7bce4adf,module=0x7bc40000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x24fb00)
000d:Ret  PE DLL (proc=0x7bce4adf,module=0x7bc40000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
000d:Call PE DLL (proc=0x7b4a9bd0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
000d:Ret  PE DLL (proc=0x7b4a9bd0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
000d:Call PE DLL (proc=0x7fe363e1a1d4,module=0x7fe363dc0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
000d:Ret  PE DLL (proc=0x7fe363e1a1d4,module=0x7fe363dc0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
000d:Call PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=0x24fb00)
000d:Ret  PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
000d:Call PE DLL (proc=0x7fe365d41048,module=0x7fe365d30000 L"userenv.dll",reason=PROCESS_ATTACH,res=0x24fb00)
000d:Call KERNEL32.DisableThreadLibraryCalls(7fe365d30000) ret=7fe365d3e8c2
000d:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7fe365d3e8c2
000d:Ret  PE DLL (proc=0x7fe365d41048,module=0x7fe365d30000 L"userenv.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
000d:Call PE DLL (proc=0x7fe365d56699,module=0x7fe365d50000 L"wow64cpu.dll",reason=PROCESS_ATTACH,res=0x24fb00)
000d:Call ntdll.LdrDisableThreadCalloutsForDll(7fe365d50000) ret=7fe365d56692
000d:Ret  ntdll.LdrDisableThreadCalloutsForDll() retval=00000000 ret=7fe365d56692
000d:Ret  PE DLL (proc=0x7fe365d56699,module=0x7fe365d50000 L"wow64cpu.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
000d:Starting process L"C:\\windows\\system32\\services.exe" (entryproc=0x7fe364756a2c)
000d:Call advapi32.RegCreateKeyExW(ffffffff80000002,7fe364757e00 L"SYSTEM\\CurrentControlSet\\Control\\ServiceCurrent",00000000,00000000,3000000001,7fe300000003,00000000,7fe364760318,00000000) ret=7fe36473d584
000d:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7fe36473d584
000d:Call advapi32.RegOpenKeyW(ffffffff80000002,7fe364757da0 L"System\\CurrentControlSet\\Control",0024fc00) ret=7fe36473d5cf
000d:Ret  advapi32.RegOpenKeyW() retval=00000000 ret=7fe36473d5cf
000d:Call advapi32.RegQueryValueExW(00000034,7fe364757d60 L"ServicesPipeTimeout",00000000,0024fbf8,0024fc10,0024fbfc) ret=7fe36473d76a
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36473d76a
000d:Call advapi32.RegQueryValueExW(00000034,7fe364757d20 L"WaitToKillServiceTimeout",00000000,0024fbf8,0024fc10,0024fbfc) ret=7fe36473d7ab
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36473d7ab
000d:Call advapi32.RegCloseKey(00000034) ret=7fe36473d7ca
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe36473d7ca
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7fe36473d5f1
000d:Ret  ntdll.RtlAllocateHeap() retval=00034bb0 ret=7fe36473d5f1
000d:Call KERNEL32.InitializeCriticalSection(00034be0) ret=7fe36473d62c
000d:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fe36473d62c
000d:Call advapi32.RegCreateKeyExW(ffffffff80000002,7fe364758160 L"System\\CurrentControlSet\\Services",00000000,00000000,00000000,02000000,00000000,00034bb0,00000000) ret=7fe36473d67e
000d:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7fe36473d67e
000d:Call advapi32.RegEnumKeyW(00000034,00000000,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00034c60 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000a) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00034d50 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"BITS",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(0000003c,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00034d90 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000003c,7fe3647580d0 L"ImagePath",00000000,0024f874,00034d90,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000003c,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(0000003c,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00034e00 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000003c,7fe364758050 L"ObjectName",00000000,0024f874,00034e00,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000003c,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001c) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00034e40 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000003c,7fe364758130 L"DisplayName",00000000,0024f874,00034e40,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000003c,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001c) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00034e80 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000003c,7fe364758030 L"Description",00000000,0024f874,00034e80,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000003c,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00034ec0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(0000003c,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00034f00 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(0000003c,7fe364758120 L"Type",00000000,0024f894,00034cb0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000003c,7fe364758110 L"Start",00000000,0024f894,00034cb4,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000003c,7fe3647580f0 L"ErrorControl",00000000,0024f894,00034cb8,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000003c,7fe364758048 L"Tag",00000000,0024f894,00034cd0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000003c,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00034cf0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000003c,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(0000003c) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,00000001,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00034f40 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00035030 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"Eventlog",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000040,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000040,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000040,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00035070 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=000350b0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758120 L"Type",00000000,0024f894,00034f90,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758110 L"Start",00000000,0024f894,00034f94,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000040,7fe3647580f0 L"ErrorControl",00000000,0024f894,00034f98,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758048 L"Tag",00000000,0024f894,00034fb0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00034fd0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000040,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000040) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call KERNEL32.CloseHandle(0000003c) ret=7fe364744bad
000d:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe364744bad
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00035030) ret=7fe364744bc5
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bc5
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744bdd
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bdd
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744bf5
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bf5
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c0d
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c0d
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c28
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c28
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c43
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c43
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c5e
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c5e
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00035070) ret=7fe364744c79
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c79
000d:Call ntdll.RtlFreeHeap(00030000,00000000,000350b0) ret=7fe364744c94
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c94
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00034f40) ret=7fe364744cbc
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744cbc
000d:Call advapi32.RegEnumKeyW(00000034,00000002,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00034f40 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000014) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00035030 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"FontCache",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000040,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035070 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000040,7fe3647580d0 L"ImagePath",00000000,0024f874,00035070,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000040,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000350e0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758050 L"ObjectName",00000000,0024f874,000350e0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035120 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758130 L"DisplayName",00000000,0024f874,00035120,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035170 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758030 L"Description",00000000,0024f874,00035170,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000040,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=000351c0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00035200 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758120 L"Type",00000000,0024f894,00034f90,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758110 L"Start",00000000,0024f894,00034f94,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000040,7fe3647580f0 L"ErrorControl",00000000,0024f894,00034f98,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758048 L"Tag",00000000,0024f894,00034fb0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000040,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00034fd0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000040,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000040) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,00000003,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00035240 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000022) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00035330 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"FontCache3.0.0.0",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000044,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000008e) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035370 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000044,7fe3647580d0 L"ImagePath",00000000,0024f874,00035370,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000044,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000044,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035410 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000044,7fe364758050 L"ObjectName",00000000,0024f874,00035410,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000044,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000068) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035450 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000044,7fe364758130 L"DisplayName",00000000,0024f874,00035450,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000044,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000068) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000354d0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000044,7fe364758030 L"Description",00000000,0024f874,000354d0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000044,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00035550 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000044,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00035590 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000044,7fe364758120 L"Type",00000000,0024f894,00035290,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000044,7fe364758110 L"Start",00000000,0024f894,00035294,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000044,7fe3647580f0 L"ErrorControl",00000000,0024f894,00035298,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000044,7fe364758048 L"Tag",00000000,0024f894,000352b0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000044,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,000352d0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000044,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000044) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,00000004,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=000355d0 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=000356c0 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"LanmanServer",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000048,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035700 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000048,7fe3647580d0 L"ImagePath",00000000,0024f874,00035700,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000048,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000048,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035770 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000048,7fe364758050 L"ObjectName",00000000,0024f874,00035770,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000048,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001e) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000357b0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000048,7fe364758130 L"DisplayName",00000000,0024f874,000357b0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000048,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001e) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000357f0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000048,7fe364758030 L"Description",00000000,0024f874,000357f0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000048,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00035830 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000048,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00035870 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000048,7fe364758120 L"Type",00000000,0024f894,00035620,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000048,7fe364758110 L"Start",00000000,0024f894,00035624,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000048,7fe3647580f0 L"ErrorControl",00000000,0024f894,00035628,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000048,7fe364758048 L"Tag",00000000,0024f894,00035640,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000048,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00035660,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000048,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000048) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,00000005,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=000358b0 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=000359a0 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"MountMgr",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(0000004c,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000054) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000359e0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000004c,7fe3647580d0 L"ImagePath",00000000,0024f874,000359e0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000004c,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(0000004c,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035a50 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000004c,7fe364758050 L"ObjectName",00000000,0024f874,00035a50,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000004c,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001e) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035a90 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000004c,7fe364758130 L"DisplayName",00000000,0024f874,00035a90,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000004c,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000032) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035ad0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000004c,7fe364758030 L"Description",00000000,0024f874,00035ad0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000004c,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00035b20 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(0000004c,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00035b60 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(0000004c,7fe364758120 L"Type",00000000,0024f894,00035900,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000004c,7fe364758110 L"Start",00000000,0024f894,00035904,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000004c,7fe3647580f0 L"ErrorControl",00000000,0024f894,00035908,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000004c,7fe364758048 L"Tag",00000000,0024f894,00035920,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000004c,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00035940,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000004c,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(0000004c) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,00000006,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00035ba0 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000014) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00035c90 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"MSIServer",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000050,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000048) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035cd0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000050,7fe3647580d0 L"ImagePath",00000000,0024f874,00035cd0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000050,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000050,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035d30 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000050,7fe364758050 L"ObjectName",00000000,0024f874,00035d30,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000050,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000016) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035d70 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000050,7fe364758130 L"DisplayName",00000000,0024f874,00035d70,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000050,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035db0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000050,7fe364758030 L"Description",00000000,0024f874,00035db0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000050,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00035df0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000050,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00035e30 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000050,7fe364758120 L"Type",00000000,0024f894,00035bf0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000050,7fe364758110 L"Start",00000000,0024f894,00035bf4,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000050,7fe3647580f0 L"ErrorControl",00000000,0024f894,00035bf8,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000050,7fe364758048 L"Tag",00000000,0024f894,00035c10,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000050,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00035c30,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000050,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000050) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,00000007,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00035e70 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00035f60 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"PlugPlay",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000054,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000044) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00035fa0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000054,7fe3647580d0 L"ImagePath",00000000,0024f874,00035fa0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000054,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000054,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00036000 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000054,7fe364758050 L"ObjectName",00000000,0024f874,00036000,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000054,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002e) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00036040 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000054,7fe364758130 L"DisplayName",00000000,0024f874,00036040,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000054,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00036080 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000054,7fe364758030 L"Description",00000000,0024f874,00036080,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000054,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=000360f0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000054,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00036130 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000054,7fe364758120 L"Type",00000000,0024f894,00035ec0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000054,7fe364758110 L"Start",00000000,0024f894,00035ec4,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000054,7fe3647580f0 L"ErrorControl",00000000,0024f894,00035ec8,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000054,7fe364758048 L"Tag",00000000,0024f894,00035ee0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000054,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00035f00,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000054,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000054) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,00000008,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00041f00 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00036170 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"RpcSs",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000058,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003e) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000361b0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000058,7fe3647580d0 L"ImagePath",00000000,0024f874,000361b0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000058,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000058,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00041ff0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000058,7fe364758050 L"ObjectName",00000000,0024f874,00041ff0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000058,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042030 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000058,7fe364758130 L"DisplayName",00000000,0024f874,00042030,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000058,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042080 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000058,7fe364758030 L"Description",00000000,0024f874,00042080,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000058,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=000420c0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000058,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00042100 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000058,7fe364758120 L"Type",00000000,0024f894,00041f50,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000058,7fe364758110 L"Start",00000000,0024f894,00041f54,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000058,7fe3647580f0 L"ErrorControl",00000000,0024f894,00041f58,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000058,7fe364758048 L"Tag",00000000,0024f894,00041f70,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000058,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00041f90,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000058,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000058) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,00000009,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00042140 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00042230 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"Schedule",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(0000005c,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042270 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000005c,7fe3647580d0 L"ImagePath",00000000,0024f874,00042270,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000005c,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(0000005c,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000422e0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000005c,7fe364758050 L"ObjectName",00000000,0024f874,000422e0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000005c,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042320 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000005c,7fe364758130 L"DisplayName",00000000,0024f874,00042320,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000005c,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042360 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000005c,7fe364758030 L"Description",00000000,0024f874,00042360,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000005c,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=000423a0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(0000005c,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=000423e0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(0000005c,7fe364758120 L"Type",00000000,0024f894,00042190,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000005c,7fe364758110 L"Start",00000000,0024f894,00042194,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000005c,7fe3647580f0 L"ErrorControl",00000000,0024f894,00042198,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000005c,7fe364758048 L"Tag",00000000,0024f894,000421b0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000005c,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,000421d0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000005c,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(0000005c) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,0000000a,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00042420 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00042510 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"Spooler",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000060,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000042) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042550 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000060,7fe3647580d0 L"ImagePath",00000000,0024f874,00042550,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000060,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001c) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000425b0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000060,7fe3647580c0 L"Group",00000000,0024f874,000425b0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000060,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000425f0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000060,7fe364758050 L"ObjectName",00000000,0024f874,000425f0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000060,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001e) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042630 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000060,7fe364758130 L"DisplayName",00000000,0024f874,00042630,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000060,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000054) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042670 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000060,7fe364758030 L"Description",00000000,0024f874,00042670,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000060,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=000426e0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000060,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00042720 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000060,7fe364758120 L"Type",00000000,0024f894,00042470,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000060,7fe364758110 L"Start",00000000,0024f894,00042474,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000060,7fe3647580f0 L"ErrorControl",00000000,0024f894,00042478,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000060,7fe364758048 L"Tag",00000000,0024f894,00042490,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000060,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,000424b0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000060,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000060) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,0000000b,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00042760 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000e) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00042850 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"StiSvc",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000064,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000056) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042890 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000064,7fe3647580d0 L"ImagePath",00000000,0024f874,00042890,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000064,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000064,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042900 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000064,7fe364758050 L"ObjectName",00000000,0024f874,00042900,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000064,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042940 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000064,7fe364758130 L"DisplayName",00000000,0024f874,00042940,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000064,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042980 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000064,7fe364758030 L"Description",00000000,0024f874,00042980,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000064,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=000429c0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000064,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00042a00 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000064,7fe364758120 L"Type",00000000,0024f894,000427b0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000064,7fe364758110 L"Start",00000000,0024f894,000427b4,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000064,7fe3647580f0 L"ErrorControl",00000000,0024f894,000427b8,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000064,7fe364758048 L"Tag",00000000,0024f894,000427d0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000064,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,000427f0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000064,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000064) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,0000000c,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00042a40 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00042b30 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"Tcpip",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000068,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000068,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000068,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00042b70 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00042bb0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758120 L"Type",00000000,0024f894,00042a90,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758110 L"Start",00000000,0024f894,00042a94,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000068,7fe3647580f0 L"ErrorControl",00000000,0024f894,00042a98,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758048 L"Tag",00000000,0024f894,00042ab0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00042ad0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000068,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000068) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call KERNEL32.CloseHandle(00000064) ret=7fe364744bad
000d:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe364744bad
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00042b30) ret=7fe364744bc5
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bc5
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744bdd
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bdd
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744bf5
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bf5
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c0d
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c0d
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c28
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c28
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c43
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c43
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c5e
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c5e
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00042b70) ret=7fe364744c79
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c79
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00042bb0) ret=7fe364744c94
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c94
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00042a40) ret=7fe364744cbc
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744cbc
000d:Call advapi32.RegEnumKeyW(00000034,0000000d,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00042a40 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00042b30 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"TermService",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000068,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000040) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042b70 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000068,7fe3647580d0 L"ImagePath",00000000,0024f874,00042b70,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000068,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042bc0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758050 L"ObjectName",00000000,0024f874,00042bc0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000026) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042c00 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758130 L"DisplayName",00000000,0024f874,00042c00,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002e) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042c40 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758030 L"Description",00000000,0024f874,00042c40,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000068,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00042c80 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00042cc0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758120 L"Type",00000000,0024f894,00042a90,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758110 L"Start",00000000,0024f894,00042a94,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000068,7fe3647580f0 L"ErrorControl",00000000,0024f894,00042a98,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758048 L"Tag",00000000,0024f894,00042ab0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000068,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00042ad0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000068,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000068) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,0000000e,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00042d00 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000008) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00042df0 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"VxD",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(0000006c,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(0000006c,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(0000006c,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00042e30 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00042e70 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758120 L"Type",00000000,0024f894,00042d50,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758110 L"Start",00000000,0024f894,00042d54,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000006c,7fe3647580f0 L"ErrorControl",00000000,0024f894,00042d58,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758048 L"Tag",00000000,0024f894,00042d70,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00042d90,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(0000006c) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call KERNEL32.CloseHandle(00000068) ret=7fe364744bad
000d:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe364744bad
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00042df0) ret=7fe364744bc5
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bc5
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744bdd
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bdd
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744bf5
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bf5
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c0d
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c0d
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c28
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c28
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c43
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c43
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c5e
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c5e
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00042e30) ret=7fe364744c79
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c79
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00042e70) ret=7fe364744c94
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c94
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00042d00) ret=7fe364744cbc
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744cbc
000d:Call advapi32.RegEnumKeyW(00000034,0000000f,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00042d00 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00042df0 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"WineBus",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(0000006c,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000052) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042e30 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000006c,7fe3647580d0 L"ImagePath",00000000,0024f874,00042e30,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000006c,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001c) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042ea0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000006c,7fe3647580c0 L"Group",00000000,0024f874,00042ea0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042ee0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758050 L"ObjectName",00000000,0024f874,00042ee0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042f20 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758130 L"DisplayName",00000000,0024f874,00042f20,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000034) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00042f60 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758030 L"Description",00000000,0024f874,00042f60,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(0000006c,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00042fb0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00042ff0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758120 L"Type",00000000,0024f894,00042d50,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758110 L"Start",00000000,0024f894,00042d54,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000006c,7fe3647580f0 L"ErrorControl",00000000,0024f894,00042d58,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758048 L"Tag",00000000,0024f894,00042d70,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00042d90,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(0000006c,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(0000006c) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,00000010,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00043030 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00043120 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"WineHID",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000070,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000052) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00043160 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000070,7fe3647580d0 L"ImagePath",00000000,0024f874,00043160,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000070,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001c) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000431d0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000070,7fe3647580c0 L"Group",00000000,0024f874,000431d0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000070,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00043210 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000070,7fe364758050 L"ObjectName",00000000,0024f874,00043210,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000070,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000014) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00043250 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000070,7fe364758130 L"DisplayName",00000000,0024f874,00043250,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000070,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00043290 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000070,7fe364758030 L"Description",00000000,0024f874,00043290,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000070,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=000432d0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000070,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00043310 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000070,7fe364758120 L"Type",00000000,0024f894,00043080,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000070,7fe364758110 L"Start",00000000,0024f894,00043084,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000070,7fe3647580f0 L"ErrorControl",00000000,0024f894,00043088,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000070,7fe364758048 L"Tag",00000000,0024f894,000430a0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000070,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,000430c0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000070,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000070) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,00000011,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00043350 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00043440 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"Winmgmt",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000074,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000042) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00043480 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000074,7fe3647580d0 L"ImagePath",00000000,0024f874,00043480,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000074,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000074,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000434e0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000074,7fe364758050 L"ObjectName",00000000,0024f874,000434e0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000074,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00043520 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000074,7fe364758130 L"DisplayName",00000000,0024f874,00043520,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000074,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000006e) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00043590 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000074,7fe364758030 L"Description",00000000,0024f874,00043590,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000074,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00043610 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000074,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00043650 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000074,7fe364758120 L"Type",00000000,0024f894,000433a0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000074,7fe364758110 L"Start",00000000,0024f894,000433a4,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000074,7fe3647580f0 L"ErrorControl",00000000,0024f894,000433a8,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000074,7fe364758048 L"Tag",00000000,0024f894,000433c0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000074,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,000433e0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000074,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000074) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,00000012,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00043690 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00043780 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"Winsock",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=000437c0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00043800 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758120 L"Type",00000000,0024f894,000436e0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758110 L"Start",00000000,0024f894,000436e4,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580f0 L"ErrorControl",00000000,0024f894,000436e8,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758048 L"Tag",00000000,0024f894,00043700,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00043720,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000078) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call KERNEL32.CloseHandle(00000074) ret=7fe364744bad
000d:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe364744bad
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00043780) ret=7fe364744bc5
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bc5
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744bdd
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bdd
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744bf5
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bf5
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c0d
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c0d
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c28
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c28
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c43
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c43
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c5e
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c5e
000d:Call ntdll.RtlFreeHeap(00030000,00000000,000437c0) ret=7fe364744c79
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c79
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00043800) ret=7fe364744c94
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c94
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00043690) ret=7fe364744cbc
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744cbc
000d:Call advapi32.RegEnumKeyW(00000034,00000013,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00043690 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00043780 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"Winsock2",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=000437c0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00043800 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758120 L"Type",00000000,0024f894,000436e0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758110 L"Start",00000000,0024f894,000436e4,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580f0 L"ErrorControl",00000000,0024f894,000436e8,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758048 L"Tag",00000000,0024f894,00043700,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00043720,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000078) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call KERNEL32.CloseHandle(00000074) ret=7fe364744bad
000d:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe364744bad
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00043780) ret=7fe364744bc5
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bc5
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744bdd
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bdd
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744bf5
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744bf5
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c0d
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c0d
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c28
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c28
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c43
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c43
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe364744c5e
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c5e
000d:Call ntdll.RtlFreeHeap(00030000,00000000,000437c0) ret=7fe364744c79
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c79
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00043800) ret=7fe364744c94
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744c94
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00043690) ret=7fe364744cbc
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364744cbc
000d:Call advapi32.RegEnumKeyW(00000034,00000014,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000000 ret=7fe364744db5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00043690 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00043780 ret=7fe364746667
000d:Call advapi32.RegOpenKeyExW(00000034,0024f920 L"wuauserv",00000000,00020019,0024f918) ret=7fe364744e0a
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe364744e0a
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580d0 L"ImagePath",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000044) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000437c0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580d0 L"ImagePath",00000000,0024f874,000437c0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580c0 L"Group",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746732
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758050 L"ObjectName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00043820 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758050 L"ObjectName",00000000,0024f874,00043820,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758130 L"DisplayName",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000026) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=00043860 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758130 L"DisplayName",00000000,0024f874,00043860,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758030 L"Description",00000000,0024f874,00000000,0024f870) ret=7fe364746732
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746732
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000014) ret=7fe364746806
000d:Ret  ntdll.RtlAllocateHeap() retval=000438a0 ret=7fe364746806
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758030 L"Description",00000000,0024f874,000438a0,0024f870) ret=7fe364746829
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746829
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580a0 L"DependOnService",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=000438e0 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758070 L"DependOnGroup",00000000,0024f874,00000000,0024f870) ret=7fe36474691e
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe36474691e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000002) ret=7fe364746a5b
000d:Ret  ntdll.RtlAllocateHeap() retval=00043920 ret=7fe364746a5b
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758120 L"Type",00000000,0024f894,000436e0,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758110 L"Start",00000000,0024f894,000436e4,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe3647580f0 L"ErrorControl",00000000,0024f894,000436e8,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758048 L"Tag",00000000,0024f894,00043700,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe364758000 L"PreshutdownTimeout",00000000,0024f894,00043720,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364746ab3
000d:Call advapi32.RegQueryValueExW(00000078,7fe364757fe8 L"WOW64",00000000,0024f894,0024f90c,0024f890) ret=7fe364746ab3
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364746ab3
000d:Call advapi32.RegCloseKey(00000078) ret=7fe364745298
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe364745298
000d:Call advapi32.RegEnumKeyW(00000034,00000015,0024f920,00000104) ret=7fe364744db5
000d:Ret  advapi32.RegEnumKeyW() retval=00000103 ret=7fe364744db5
000d:Call KERNEL32.CreateThreadpoolCleanupGroup() ret=7fe364743fe2
000d:Ret  KERNEL32.CreateThreadpoolCleanupGroup() retval=00043960 ret=7fe364743fe2
000d:Call rpcrt4.RpcServerUseProtseqEpW(0024fb10 L"ncacn_np",00000000,0024fb30 L"\\pipe\\svcctl",00000000) ret=7fe364744002
000d:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0024fb10 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000) ret=7fe363e8bb63
000d:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7fe363e8bb63
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fe363e8bb7d
000d:Ret  ntdll.RtlAllocateHeap() retval=000439f0 ret=7fe363e8bb7d
000d:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0024fb10 L"ncacn_np",ffffffff,000439f0,00000009,00000000,00000000) ret=7fe363e8bbae
000d:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7fe363e8bbae
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000090) ret=7fe363e9d7f8
000d:Ret  ntdll.RtlAllocateHeap() retval=00043a30 ret=7fe363e9d7f8
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fe363e8bafb
000d:Ret  ntdll.RtlAllocateHeap() retval=00043ad0 ret=7fe363e8bafb
000d:Call KERNEL32.InitializeCriticalSection(00043a78) ret=7fe363e97e13
000d:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fe363e97e13
000d:Call ntdll.RtlFreeHeap(00030000,00000000,000439f0) ret=7fe363e8c209
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e8c209
000d:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0024fb30 L"\\pipe\\svcctl",ffffffff,00000000,7fe300000000,00000000,00000000) ret=7fe363e8bb63
000d:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7fe363e8bb63
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fe363e8bb7d
000d:Ret  ntdll.RtlAllocateHeap() retval=000439f0 ret=7fe363e8bb7d
000d:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0024fb30 L"\\pipe\\svcctl",ffffffff,000439f0,7fe30000000d,00000000,00000000) ret=7fe363e8bbae
000d:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7fe363e8bbae
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000118) ret=7fe363e9d4ef
000d:Ret  ntdll.RtlAllocateHeap() retval=00043b50 ret=7fe363e9d4ef
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fe363e8bafb
000d:Ret  ntdll.RtlAllocateHeap() retval=00043c80 ret=7fe363e8bafb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea70b4
000d:Ret  ntdll.RtlAllocateHeap() retval=00043cc0 ret=7fe363ea70b4
000d:Call KERNEL32.CreateNamedPipeA(00043cc0 "\\\\.\\pipe\\svcctl",40000003,00000006,000000ff,000016d0,000016d0,00001388,00000000) ret=7fe363e9e83a
000d:Ret  KERNEL32.CreateNamedPipeA() retval=0000007c ret=7fe363e9e83a
000d:Call ntdll.RtlFreeHeap(00030000,00000000,000439f0) ret=7fe363e8c209
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e8c209
000d:Ret  rpcrt4.RpcServerUseProtseqEpW() retval=00000000 ret=7fe364744002
000d:Call rpcrt4.RpcServerRegisterIf(7fe36475ea80,00000000,00000000) ret=7fe364744080
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000060) ret=7fe363e9a5ae
000d:Ret  ntdll.RtlAllocateHeap() retval=00043d00 ret=7fe363e9a5ae
000d:Ret  rpcrt4.RpcServerRegisterIf() retval=00000000 ret=7fe364744080
000d:Call rpcrt4.RpcServerListen(00000001,000004d2,00000001) ret=7fe3647440d9
000d:Call KERNEL32.CreateMutexW(00000000,00000000,00000000) ret=7fe363e97f83
000d:Ret  KERNEL32.CreateMutexW() retval=00000084 ret=7fe363e97f83
000d:Call KERNEL32.CreateThread(00000000,00000000,7fe363e97900,00043a30,00000000,00000000) ret=7fe363e97f4f
000d:Ret  KERNEL32.CreateThread() retval=0000008c ret=7fe363e97f4f
000d:Call KERNEL32.WaitForSingleObject(00000084,ffffffff) ret=7fe363e97c15
000d:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e97c15
000d:Call KERNEL32.SetEvent(00000078) ret=7fe363e9d6d6
000d:Ret  KERNEL32.SetEvent() retval=00000001 ret=7fe363e9d6d6
000d:Call KERNEL32.WaitForSingleObject(00000088,ffffffff) ret=7fe363e97c2f
000e:Call PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
000e:Ret  PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
000e:Starting thread proc 0x7fe363e97900 (arg=0x43a30)
000e:Call ntdll.NtFsControlFile(0000007c,00000090,00000000,00000000,00043c48,00110008,00000000,00000000,00000000,00000000) ret=7fe363e9e9b2
000e:Ret  ntdll.NtFsControlFile() retval=00000103 ret=7fe363e9e9b2
000e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363e9eaf2
000e:Ret  ntdll.RtlAllocateHeap() retval=00043d70 ret=7fe363e9eaf2
000e:Call KERNEL32.WaitForMultipleObjectsEx(00000002,00043d70,00000000,ffffffff,00000001) ret=7fe363ea3d32
000e:Ret  KERNEL32.WaitForMultipleObjectsEx() retval=00000000 ret=7fe363ea3d32
000e:Call ntdll.RtlReAllocateHeap(00030000,00000000,00043d70,00000010) ret=7fe363e9ea45
000e:Ret  ntdll.RtlReAllocateHeap() retval=00043d70 ret=7fe363e9ea45
000e:Call KERNEL32.SetEvent(00000088) ret=7fe363e979da
000e:Ret  KERNEL32.SetEvent() retval=00000001 ret=7fe363e979da
000d:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e97c2f
000e:Call KERNEL32.WaitForMultipleObjectsEx(00000002,00043d70,00000000,ffffffff,00000001) ret=7fe363ea3d32
000d:Call KERNEL32.ReleaseMutex(00000084) ret=7fe363e97c38
000d:Ret  KERNEL32.ReleaseMutex() retval=00000001 ret=7fe363e97c38
000d:Ret  rpcrt4.RpcServerListen() retval=00000000 ret=7fe3647440d9
000d:Call ntdll.__wine_make_process_system() ret=7fe3647440fd
000d:Ret  ntdll.__wine_make_process_system() retval=00000094 ret=7fe3647440fd
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000100) ret=7fe36473d7fc
000d:Ret  ntdll.RtlAllocateHeap() retval=00043db0 ret=7fe36473d7fc
000d:Call KERNEL32.ExpandEnvironmentStringsW(000359e0 L"C:\\windows\\system32\\drivers\\mountmgr.sys",00000000,00000000) ret=7fe3647455d3
000d:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000029 ret=7fe3647455d3
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000052) ret=7fe3647455f0
000d:Ret  ntdll.RtlAllocateHeap() retval=00043ec0 ret=7fe3647455f0
000d:Call KERNEL32.ExpandEnvironmentStringsW(000359e0 L"C:\\windows\\system32\\drivers\\mountmgr.sys",00043ec0,00000029) ret=7fe36474560b
000d:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000029 ret=7fe36474560b
000d:Call KERNEL32.GetBinaryTypeW(00043ec0 L"C:\\windows\\system32\\drivers\\mountmgr.sys",0024f7f0) ret=7fe364745a26
000d:Ret  KERNEL32.GetBinaryTypeW() retval=00000001 ret=7fe364745a26
000d:Call KERNEL32.GetSystemDirectoryW(0024f860,00000104) ret=7fe364745a4a
000d:Ret  KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7fe364745a4a
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00043ec0) ret=7fe364745a61
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364745a61
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000046) ret=7fe364745a9e
000d:Ret  ntdll.RtlAllocateHeap() retval=00043ec0 ret=7fe364745a9e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00043f20 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00044010 ret=7fe364746667
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000046) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00044050 ret=7fe364746667
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=000440b0 ret=7fe364746667
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=000440f0 ret=7fe364746667
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00043ec0) ret=7fe36474606c
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474606c
000d:Call KERNEL32.ExpandEnvironmentStringsW(00044050 L"C:\\windows\\system32\\winedevice.exe",00000000,00000000) ret=7fe3647455d3
000d:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000023 ret=7fe3647455d3
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000046) ret=7fe3647455f0
000d:Ret  ntdll.RtlAllocateHeap() retval=00043ec0 ret=7fe3647455f0
000d:Call KERNEL32.ExpandEnvironmentStringsW(00044050 L"C:\\windows\\system32\\winedevice.exe",00043ec0,00000023) ret=7fe36474560b
000d:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000023 ret=7fe36474560b
000d:Call advapi32.RegQueryValueExW(00000030,00000000,00000000,0024f3d0,0024f3b0,0024f3a8) ret=7fe364745678
000d:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7fe364745678
000d:Call advapi32.RegSetValueExW(00000030,00000000,00000000,00000004,7fe3647602d0,00000004) ret=7fe3647456b5
000d:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7fe3647456b5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7fe3647456f4
000d:Ret  ntdll.RtlAllocateHeap() retval=00044130 ret=7fe3647456f4
000d:Call KERNEL32.CreateMutexW(00000000,00000001,00000000) ret=7fe364745716
000d:Ret  KERNEL32.CreateMutexW() retval=0000009c ret=7fe364745716
000d:Call KERNEL32.CreateNamedPipeW(7fe364760280 L"\\\\.\\pipe\\net\\NtControlPipe0",40000003,00000000,00000001,7fe300000100,00000100,8000002710,00000000) ret=7fe36474577d
000d:Ret  KERNEL32.CreateNamedPipeW() retval=000000a4 ret=7fe36474577d
000d:Call advapi32.OpenProcessToken(ffffffffffffffff,0000000a,0024f3a8) ret=7fe364745f3c
000d:Ret  advapi32.OpenProcessToken() retval=00000001 ret=7fe364745f3c
000d:Call userenv.CreateEnvironmentBlock(7fe364760320,000000a8,00000000) ret=7fe364745f58
000d:Call advapi32.RegOpenKeyExW(ffffffff80000002,7fe365d41ae0 L"System\\CurrentControlSet\\Control\\Session Manager\\Environment",00000000,00020019,0023eed8) ret=7fe365d3e9b3
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe365d3e9b3
000d:Call ntdll.RtlCreateEnvironment(00000000,0023eed0) ret=7fe365d3ea37
000d:Ret  ntdll.RtlCreateEnvironment() retval=00000000 ret=7fe365d3ea37
000d:Call KERNEL32.GetEnvironmentVariableW(7fe365d41ab0 L"SystemRoot",0023f1c0,00007fff) ret=7fe365d3ea61
000d:Ret  KERNEL32.GetEnvironmentVariableW() retval=0000000a ret=7fe365d3ea61
000d:Call ntdll.RtlInitUnicodeString(0023eef0,7fe365d41ab0 L"SystemRoot") ret=7fe365d3ea85
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000014 ret=7fe365d3ea85
000d:Call ntdll.RtlInitUnicodeString(0023ef00,0023f1c0 L"C:\\windows") ret=7fe365d3eaa2
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000014 ret=7fe365d3eaa2
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023eef0,0023ef00) ret=7fe365d3eab0
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3eab0
000d:Call KERNEL32.GetEnvironmentVariableW(7fe365d41a90 L"SystemDrive",0023f1c0,00007fff) ret=7fe365d3eac7
000d:Ret  KERNEL32.GetEnvironmentVariableW() retval=00000002 ret=7fe365d3eac7
000d:Call ntdll.RtlInitUnicodeString(0023eef0,7fe365d41a90 L"SystemDrive") ret=7fe365d3eae3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000016 ret=7fe365d3eae3
000d:Call ntdll.RtlInitUnicodeString(0023ef00,0023f1c0 L"c:") ret=7fe365d3eaf5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000004 ret=7fe365d3eaf5
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023eef0,0023ef00) ret=7fe365d3eb03
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3eb03
000d:Call advapi32.RegEnumValueW(000000ac,00000000,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"ComSpec") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000000e ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"ComSpec",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fe365d3e542
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3e542
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"ComSpec",00000000,00000000,00044190,0023dcec) ret=7fe365d3e565
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e565
000d:Call ntdll.RtlInitUnicodeString(0023dcf0,00044190 L"C:\\windows\\system32\\cmd.exe") ret=7fe365d3e579
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000036 ret=7fe365d3e579
000d:Call ntdll.RtlExpandEnvironmentStrings_U(00370000,0023dcf0,0023dd00,0023dcdc) ret=7fe365d3e59c
000d:Ret  ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7fe365d3e59c
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3e5b7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3e5b7
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\windows\\system32\\cmd.exe") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000036 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000001,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"NUMBER_OF_PROCESSORS") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000028 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"NUMBER_OF_PROCESSORS",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"NUMBER_OF_PROCESSORS",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"4") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000002 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000002,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"OS") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000004 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"OS",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"OS",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"Windows_NT") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000014 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000003,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"PATH") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000008 ret=7fe365d3e6c5
000d:Call ntdll.RtlQueryEnvironmentVariable_U(00370000,0023ddd0,0023dde0) ret=7fe365d3e701
000d:Ret  ntdll.RtlQueryEnvironmentVariable_U() retval=c0000100 ret=7fe365d3e701
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PATH",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000070) ret=7fe365d3e542
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3e542
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PATH",00000000,00000000,00044190,0023dcec) ret=7fe365d3e565
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e565
000d:Call ntdll.RtlInitUnicodeString(0023dcf0,00044190 L"C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem") ret=7fe365d3e579
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000006e ret=7fe365d3e579
000d:Call ntdll.RtlExpandEnvironmentStrings_U(00370000,0023dcf0,0023dd00,0023dcdc) ret=7fe365d3e59c
000d:Ret  ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7fe365d3e59c
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3e5b7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3e5b7
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000006e ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000004,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"PATHEXT") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000000e ret=7fe365d3e6c5
000d:Call ntdll.RtlQueryEnvironmentVariable_U(00370000,0023ddd0,0023dde0) ret=7fe365d3e701
000d:Ret  ntdll.RtlQueryEnvironmentVariable_U() retval=c0000100 ret=7fe365d3e701
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PATHEXT",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PATHEXT",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000060 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000005,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"PROCESSOR_ARCHITECTURE") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000002c ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_ARCHITECTURE",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_ARCHITECTURE",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"AMD64") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000000a ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000006,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"PROCESSOR_IDENTIFIER") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000028 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_IDENTIFIER",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_IDENTIFIER",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"Intel64 Family 6 Model 58 Stepping 9, GenuineIntel") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000064 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000007,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"PROCESSOR_LEVEL") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_LEVEL",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_LEVEL",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"6") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000002 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000008,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"PROCESSOR_REVISION") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000024 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_REVISION",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_REVISION",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"3a09") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000008 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000009,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call advapi32.RegEnumValueW(000000ac,0000000a,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call advapi32.RegEnumValueW(000000ac,0000000b,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"TEMP") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000008 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"TEMP",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe365d3e542
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3e542
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"TEMP",00000000,00000000,00044190,0023dcec) ret=7fe365d3e565
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e565
000d:Call ntdll.RtlInitUnicodeString(0023dcf0,00044190 L"C:\\windows\\temp") ret=7fe365d3e579
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3e579
000d:Call ntdll.RtlExpandEnvironmentStrings_U(00370000,0023dcf0,0023dd00,0023dcdc) ret=7fe365d3e59c
000d:Ret  ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7fe365d3e59c
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3e5b7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3e5b7
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\windows\\temp") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,0000000c,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"TMP") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000006 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"TMP",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe365d3e542
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3e542
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"TMP",00000000,00000000,00044190,0023dcec) ret=7fe365d3e565
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e565
000d:Call ntdll.RtlInitUnicodeString(0023dcf0,00044190 L"C:\\windows\\temp") ret=7fe365d3e579
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3e579
000d:Call ntdll.RtlExpandEnvironmentStrings_U(00370000,0023dcf0,0023dd00,0023dcdc) ret=7fe365d3e59c
000d:Ret  ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7fe365d3e59c
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3e5b7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3e5b7
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\windows\\temp") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,0000000d,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"windir") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000000c ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"windir",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000016) ret=7fe365d3e542
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3e542
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"windir",00000000,00000000,00044190,0023dcec) ret=7fe365d3e565
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e565
000d:Call ntdll.RtlInitUnicodeString(0023dcf0,00044190 L"C:\\windows") ret=7fe365d3e579
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000014 ret=7fe365d3e579
000d:Call ntdll.RtlExpandEnvironmentStrings_U(00370000,0023dcf0,0023dd00,0023dcdc) ret=7fe365d3e59c
000d:Ret  ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7fe365d3e59c
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3e5b7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3e5b7
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\windows") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000014 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,0000000e,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"winsysdir") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000012 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"winsysdir",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"winsysdir",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\windows\\system32") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000026 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,0000000f,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000103 ret=7fe365d3e67c
000d:Call advapi32.RegEnumValueW(000000ac,00000000,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"ComSpec") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000000e ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"ComSpec",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fe365d3e542
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3e542
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"ComSpec",00000000,00000000,00044190,0023dcec) ret=7fe365d3e565
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e565
000d:Call ntdll.RtlInitUnicodeString(0023dcf0,00044190 L"C:\\windows\\system32\\cmd.exe") ret=7fe365d3e579
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000036 ret=7fe365d3e579
000d:Call ntdll.RtlExpandEnvironmentStrings_U(00370000,0023dcf0,0023dd00,0023dcdc) ret=7fe365d3e59c
000d:Ret  ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7fe365d3e59c
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3e5b7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3e5b7
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\windows\\system32\\cmd.exe") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000036 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000001,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"NUMBER_OF_PROCESSORS") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000028 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"NUMBER_OF_PROCESSORS",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"NUMBER_OF_PROCESSORS",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"4") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000002 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000002,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"OS") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000004 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"OS",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"OS",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"Windows_NT") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000014 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000003,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"PATH") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000008 ret=7fe365d3e6c5
000d:Call ntdll.RtlQueryEnvironmentVariable_U(00370000,0023ddd0,0023dde0) ret=7fe365d3e701
000d:Ret  ntdll.RtlQueryEnvironmentVariable_U() retval=00000000 ret=7fe365d3e701
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PATH",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000070) ret=7fe365d3e542
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3e542
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PATH",00000000,00000000,00044190,0023dcec) ret=7fe365d3e565
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e565
000d:Call ntdll.RtlInitUnicodeString(0023dcf0,00044190 L"C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem") ret=7fe365d3e579
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000006e ret=7fe365d3e579
000d:Call ntdll.RtlExpandEnvironmentStrings_U(00370000,0023dcf0,0023dd00,0023dcdc) ret=7fe365d3e59c
000d:Ret  ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7fe365d3e59c
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3e5b7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3e5b7
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000006e ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000004,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"PATHEXT") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000000e ret=7fe365d3e6c5
000d:Call ntdll.RtlQueryEnvironmentVariable_U(00370000,0023ddd0,0023dde0) ret=7fe365d3e701
000d:Ret  ntdll.RtlQueryEnvironmentVariable_U() retval=00000000 ret=7fe365d3e701
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PATHEXT",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PATHEXT",00000000,00000000,0023e652,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000060 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000005,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"PROCESSOR_ARCHITECTURE") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000002c ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_ARCHITECTURE",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_ARCHITECTURE",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"AMD64") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000000a ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000006,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"PROCESSOR_IDENTIFIER") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000028 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_IDENTIFIER",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_IDENTIFIER",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"Intel64 Family 6 Model 58 Stepping 9, GenuineIntel") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000064 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000007,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"PROCESSOR_LEVEL") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_LEVEL",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_LEVEL",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"6") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000002 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000008,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"PROCESSOR_REVISION") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000024 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_REVISION",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"PROCESSOR_REVISION",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"3a09") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000008 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,00000009,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call advapi32.RegEnumValueW(000000ac,0000000a,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call advapi32.RegEnumValueW(000000ac,0000000b,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"TEMP") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000008 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"TEMP",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe365d3e542
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3e542
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"TEMP",00000000,00000000,00044190,0023dcec) ret=7fe365d3e565
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e565
000d:Call ntdll.RtlInitUnicodeString(0023dcf0,00044190 L"C:\\windows\\temp") ret=7fe365d3e579
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3e579
000d:Call ntdll.RtlExpandEnvironmentStrings_U(00370000,0023dcf0,0023dd00,0023dcdc) ret=7fe365d3e59c
000d:Ret  ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7fe365d3e59c
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3e5b7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3e5b7
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\windows\\temp") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,0000000c,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"TMP") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000006 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"TMP",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe365d3e542
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3e542
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"TMP",00000000,00000000,00044190,0023dcec) ret=7fe365d3e565
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e565
000d:Call ntdll.RtlInitUnicodeString(0023dcf0,00044190 L"C:\\windows\\temp") ret=7fe365d3e579
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3e579
000d:Call ntdll.RtlExpandEnvironmentStrings_U(00370000,0023dcf0,0023dd00,0023dcdc) ret=7fe365d3e59c
000d:Ret  ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7fe365d3e59c
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3e5b7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3e5b7
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\windows\\temp") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,0000000d,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"windir") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000000c ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"windir",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000016) ret=7fe365d3e542
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3e542
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"windir",00000000,00000000,00044190,0023dcec) ret=7fe365d3e565
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e565
000d:Call ntdll.RtlInitUnicodeString(0023dcf0,00044190 L"C:\\windows") ret=7fe365d3e579
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000014 ret=7fe365d3e579
000d:Call ntdll.RtlExpandEnvironmentStrings_U(00370000,0023dcf0,0023dd00,0023dcdc) ret=7fe365d3e59c
000d:Ret  ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7fe365d3e59c
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3e5b7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3e5b7
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\windows") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000014 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,0000000e,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"winsysdir") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000012 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"winsysdir",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,0023ddf0 L"winsysdir",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\windows\\system32") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000026 ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000ac,0000000f,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000103 ret=7fe365d3e67c
000d:Call advapi32.RegOpenKeyExW(000000ac,7fe365d41a70 L"Environment",00000000,00020019,0023eee0) ret=7fe365d3eb63
000d:Ret  advapi32.RegOpenKeyExW() retval=00000002 ret=7fe365d3eb63
000d:Call advapi32.RegOpenKeyExW(000000ac,7fe365d41a40 L"Volatile Environment",00000000,00020019,0023eee0) ret=7fe365d3eb92
000d:Ret  advapi32.RegOpenKeyExW() retval=00000002 ret=7fe365d3eb92
000d:Call advapi32.RegCloseKey(000000ac) ret=7fe365d3eba7
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe365d3eba7
000d:Call advapi32.RegOpenKeyExW(ffffffff80000002,7fe365d419c0 L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",00000000,00020019,0023eed8) ret=7fe365d3ebc8
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe365d3ebc8
000d:Call advapi32.RegQueryValueExW(000000ac,7fe365d41980 L"ProfilesDirectory",00000000,0023edc8,00000000,0023edcc) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7fe365d3e542
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3e542
000d:Call advapi32.RegQueryValueExW(000000ac,7fe365d41980 L"ProfilesDirectory",00000000,00000000,00044190,0023edcc) ret=7fe365d3e565
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e565
000d:Call ntdll.RtlInitUnicodeString(0023edd0,00044190 L"C:\\users") ret=7fe365d3e579
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000010 ret=7fe365d3e579
000d:Call ntdll.RtlExpandEnvironmentStrings_U(00370000,0023edd0,0023ede0,0023edbc) ret=7fe365d3e59c
000d:Ret  ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7fe365d3e59c
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3e5b7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3e5b7
000d:Call advapi32.RegQueryValueExW(000000ac,7fe365d41960 L"Public",00000000,0023edc8,00000000,0023edcc) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe365d3e542
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3e542
000d:Call advapi32.RegQueryValueExW(000000ac,7fe365d41960 L"Public",00000000,00000000,00044190,0023edcc) ret=7fe365d3e565
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e565
000d:Call ntdll.RtlInitUnicodeString(0023edd0,00044190 L"C:\\users\\Public") ret=7fe365d3e579
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3e579
000d:Call ntdll.RtlExpandEnvironmentStrings_U(00370000,0023edd0,0023ede0,0023edbc) ret=7fe365d3e59c
000d:Ret  ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7fe365d3e59c
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3e5b7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3e5b7
000d:Call ntdll.RtlInitUnicodeString(0023eef0,7fe365d41940 L"ALLUSERSPROFILE") ret=7fe365d3f46b
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3f46b
000d:Call ntdll.RtlInitUnicodeString(0023ef00,0023f1c0 L"C:\\users\\Public") ret=7fe365d3f47d
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7fe365d3f47d
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023eef0,0023ef00) ret=7fe365d3f48b
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3f48b
000d:Call advapi32.RegCloseKey(000000ac) ret=7fe365d3f18f
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe365d3f18f
000d:Call KERNEL32.GetComputerNameW(0023f1c0,0023eec8) ret=7fe365d3ebf5
000d:Ret  KERNEL32.GetComputerNameW() retval=00000001 ret=7fe365d3ebf5
000d:Call ntdll.RtlInitUnicodeString(0023eef0,7fe365d41910 L"COMPUTERNAME") ret=7fe365d3f098
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000018 ret=7fe365d3f098
000d:Call ntdll.RtlInitUnicodeString(0023ef00,0023f1c0 L"hewlettpackard") ret=7fe365d3f0aa
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000001c ret=7fe365d3f0aa
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023eef0,0023ef00) ret=7fe365d3f0b8
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3f0b8
000d:Call KERNEL32.IsWow64Process(ffffffffffffffff,0023eecc) ret=7fe365d3ec19
000d:Ret  KERNEL32.IsWow64Process() retval=00000001 ret=7fe365d3ec19
000d:Call advapi32.RegOpenKeyExW(ffffffff80000002,7fe365d41860 L"Software\\Microsoft\\Windows\\CurrentVersion",00000000,00020119,0023eee8) ret=7fe365d3ec47
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe365d3ec47
000d:Call advapi32.RegQueryValueExW(000000ac,7fe365d41840 L"ProgramFilesDir",00000000,0023edc8,00000000,0023edcc) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,7fe365d41840 L"ProgramFilesDir",00000000,00000000,0023ef30,0023edbc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023ef10,7fe365d41810 L"ProgramW6432") ret=7fe365d3f405
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000018 ret=7fe365d3f405
000d:Call ntdll.RtlInitUnicodeString(0023ef20,0023ef30 L"C:\\Program Files") ret=7fe365d3f41a
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000020 ret=7fe365d3f41a
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ef10,0023ef20) ret=7fe365d3f428
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3f428
000d:Call ntdll.RtlInitUnicodeString(0023ef10,7fe365d417f0 L"ProgramFiles") ret=7fe365d3f437
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000018 ret=7fe365d3f437
000d:Call ntdll.RtlInitUnicodeString(0023ef20,0023ef30 L"C:\\Program Files") ret=7fe365d3f444
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000020 ret=7fe365d3f444
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ef10,0023ef20) ret=7fe365d3f452
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3f452
000d:Call advapi32.RegQueryValueExW(000000ac,7fe365d41790 L"CommonFilesDir",00000000,0023edc8,00000000,0023edcc) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000ac,7fe365d41790 L"CommonFilesDir",00000000,00000000,0023ef30,0023edbc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023ef10,7fe365d41760 L"CommonProgramW6432") ret=7fe365d3f368
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000024 ret=7fe365d3f368
000d:Call ntdll.RtlInitUnicodeString(0023ef20,0023ef30 L"C:\\Program Files\\Common Files") ret=7fe365d3f37d
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000003a ret=7fe365d3f37d
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ef10,0023ef20) ret=7fe365d3f38b
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3f38b
000d:Call ntdll.RtlInitUnicodeString(0023ef10,7fe365d41720 L"CommonProgramFiles") ret=7fe365d3f39a
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000024 ret=7fe365d3f39a
000d:Call ntdll.RtlInitUnicodeString(0023ef20,0023ef30 L"C:\\Program Files\\Common Files") ret=7fe365d3f3a7
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000003a ret=7fe365d3f3a7
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ef10,0023ef20) ret=7fe365d3f3b5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3f3b5
000d:Call advapi32.RegCloseKey(000000ac) ret=7fe365d3f07f
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe365d3f07f
000d:Call advapi32.GetTokenInformation(000000a8,00000001,00000000,00000000,0023eec8) ret=7fe365d3ec80
000d:Ret  advapi32.GetTokenInformation() retval=00000000 ret=7fe365d3ec80
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7fe365d3ecb5
000d:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe365d3ecb5
000d:Call advapi32.GetTokenInformation(000000a8,00000001,00044190,0000002c,0023eec8) ret=7fe365d3ece8
000d:Ret  advapi32.GetTokenInformation() retval=00000001 ret=7fe365d3ece8
000d:Call advapi32.ConvertSidToStringSidW(000441a0,0023ef20) ret=7fe365d3ed05
000d:Ret  advapi32.ConvertSidToStringSidW() retval=00000001 ret=7fe365d3ed05
000d:Call advapi32.LookupAccountSidW(00000000,000441a0,0023f1d2,0023eee8,00000000,0023ef10,0023eecc) ret=7fe365d3edb4
000d:Ret  advapi32.LookupAccountSidW() retval=00000000 ret=7fe365d3edb4
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044190) ret=7fe365d3edd8
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe365d3edd8
000d:Call KERNEL32.LocalFree(000441d0) ret=7fe365d3edfe
000d:Ret  KERNEL32.LocalFree() retval=00000000 ret=7fe365d3edfe
000d:Call advapi32.RegOpenKeyExW(ffffffff80000003,0023f1c0 L"S-1-5-21-0-0-0-1000",00000000,00020019,0023eed8) ret=7fe365d3ef5f
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe365d3ef5f
000d:Call advapi32.RegOpenKeyExW(000000b0,7fe365d41a70 L"Environment",00000000,00020019,0023eee0) ret=7fe365d3ef9f
000d:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7fe365d3ef9f
000d:Call advapi32.RegEnumValueW(000000b4,00000000,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"TEMP") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000008 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000b4,0023ddf0 L"TEMP",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000b4,0023ddf0 L"TEMP",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\users\\steamuser\\Temp") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000002e ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000b4,00000001,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"TMP") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000006 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000b4,0023ddf0 L"TMP",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000b4,0023ddf0 L"TMP",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\users\\steamuser\\Temp") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000002e ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000b4,00000002,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000103 ret=7fe365d3e67c
000d:Call advapi32.RegEnumValueW(000000b4,00000000,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"TEMP") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000008 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000b4,0023ddf0 L"TEMP",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000b4,0023ddf0 L"TEMP",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\users\\steamuser\\Temp") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000002e ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000b4,00000001,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000000 ret=7fe365d3e67c
000d:Call ntdll.RtlInitUnicodeString(0023ddd0,0023ddf0 L"TMP") ret=7fe365d3e6c5
000d:Ret  ntdll.RtlInitUnicodeString() retval=00000006 ret=7fe365d3e6c5
000d:Call advapi32.RegQueryValueExW(000000b4,0023ddf0 L"TMP",00000000,0023dce8,00000000,0023dcec) ret=7fe365d3e4bb
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e4bb
000d:Call advapi32.RegQueryValueExW(000000b4,0023ddf0 L"TMP",00000000,00000000,0023e5f0,0023dcdc) ret=7fe365d3e51f
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe365d3e51f
000d:Call ntdll.RtlInitUnicodeString(0023dde0,0023e5f0 L"C:\\users\\steamuser\\Temp") ret=7fe365d3e7d3
000d:Ret  ntdll.RtlInitUnicodeString() retval=0000002e ret=7fe365d3e7d3
000d:Call ntdll.RtlSetEnvironmentVariable(0023eed0,0023ddd0,0023dde0) ret=7fe365d3e7e5
000d:Ret  ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7fe365d3e7e5
000d:Call advapi32.RegEnumValueW(000000b4,00000002,0023ddf0,0023ddcc,00000000,00000000,00000000,00000000) ret=7fe365d3e67c
000d:Ret  advapi32.RegEnumValueW() retval=00000103 ret=7fe365d3e67c
000d:Call advapi32.RegCloseKey(000000b4) ret=7fe365d3f4fb
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe365d3f4fb
000d:Call advapi32.RegOpenKeyExW(000000b0,7fe365d41a40 L"Volatile Environment",00000000,00020019,0023eee0) ret=7fe365d3efce
000d:Ret  advapi32.RegOpenKeyExW() retval=00000002 ret=7fe365d3efce
000d:Call advapi32.RegCloseKey(000000b0) ret=7fe365d3efe3
000d:Ret  advapi32.RegCloseKey() retval=00000000 ret=7fe365d3efe3
000d:Ret  userenv.CreateEnvironmentBlock() retval=00000001 ret=7fe364745f58
000d:Call KERNEL32.CloseHandle(000000a8) ret=7fe364745f62
000d:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe364745f62
000d:Call KERNEL32.ResetEvent(00000098) ret=7fe3647457e5
000d:Ret  KERNEL32.ResetEvent() retval=00000001 ret=7fe3647457e5
000d:Call KERNEL32.CreateProcessW(00000000,00043ec0 L"C:\\windows\\system32\\winedevice.exe",00000000,00000000,7fe300000000,00000400,00370000,00000000,0024f3d0,0024f3b0) ret=7fe364745879
0010:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError"
0010:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32"
0010:Call KERNEL32.__wine_kernel_init() ret=7bc85261
0010:Ret  KERNEL32.__wine_kernel_init() retval=7b47d405 ret=7bc85261
000d:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=7fe364745879
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00043ec0) ret=7fe364745892
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364745892
000d:Call KERNEL32.CloseHandle(000000b8) ret=7fe3647458be
000d:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe3647458be
000d:Call KERNEL32.ConnectNamedPipe(000000a4,0024f6d0) ret=7fe36474624a
000d:Ret  KERNEL32.ConnectNamedPipe() retval=00000000 ret=7fe36474624a
000d:Call KERNEL32.WaitForMultipleObjects(00000002,0024f6f0,00000000,00002710) ret=7fe364746577
0010:Call PE DLL (proc=0x7bce4adf,module=0x7bc40000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0010:Ret  PE DLL (proc=0x7bce4adf,module=0x7bc40000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0010:Call PE DLL (proc=0x7b4a9bd0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0010:Ret  PE DLL (proc=0x7b4a9bd0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0010:Call PE DLL (proc=0x7f8c5ec9d1d4,module=0x7f8c5ec40000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0010:Ret  PE DLL (proc=0x7f8c5ec9d1d4,module=0x7f8c5ec40000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0010:Call PE DLL (proc=0x7f8c5ec04ee9,module=0x7f8c5ebe0000 L"ntoskrnl.exe",reason=PROCESS_ATTACH,res=0x24fb00)
0010:Call KERNEL32.DisableThreadLibraryCalls(7f8c5ebe0000) ret=7f8c5ebff0e2
0010:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f8c5ebff0e2
0010:Call ntdll.RtlAddVectoredExceptionHandler(00000001,7f8c5ebf2ff2) ret=7f8c5ebff0f3
0010:Ret  ntdll.RtlAddVectoredExceptionHandler() retval=00031400 ret=7f8c5ebff0f3
0010:Call ntdll.NtGetTickCount() ret=7f8c5ebf9cee
0010:Ret  ntdll.NtGetTickCount() retval=031a2758 ret=7f8c5ebf9cee
0010:Ret  PE DLL (proc=0x7f8c5ec04ee9,module=0x7f8c5ebe0000 L"ntoskrnl.exe",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0010:Call PE DLL (proc=0x7f8c60b41699,module=0x7f8c60b40000 L"wow64cpu.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0010:Call ntdll.LdrDisableThreadCalloutsForDll(7f8c60b40000) ret=7f8c60b41692
0010:Ret  ntdll.LdrDisableThreadCalloutsForDll() retval=00000000 ret=7f8c60b41692
0010:Ret  PE DLL (proc=0x7f8c60b41699,module=0x7f8c60b40000 L"wow64cpu.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0010:Starting process L"C:\\windows\\system32\\winedevice.exe" (entryproc=0x7f8c60b2d0b6)
0010:Call advapi32.StartServiceCtrlDispatcherW(0024fca0) ret=7f8c60b2d09a
0010:Call PE DLL (proc=0x7f8c5eb99e5b,module=0x7f8c5eb40000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil))
0010:Ret  PE DLL (proc=0x7f8c5eb99e5b,module=0x7f8c5eb40000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0010:Call rpcrt4.NdrClientInitializeNew(0024f180,0024f2c0,7f8c5ecbcd00,0000000f) ret=7f8c5ec942a4
0010:Ret  rpcrt4.NdrClientInitializeNew() retval=7f8c5ec87c2f ret=7f8c5ec942a4
0010:Call rpcrt4.RpcStringBindingComposeW(00000000,0024f030 L"ncacn_np",00000000,0024f050 L"\\pipe\\svcctl",00000000,0024f020) ret=7f8c5ec8725f
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7f8c5eb7cc0c
0010:Ret  ntdll.RtlAllocateHeap() retval=000316f0 ret=7f8c5eb7cc0c
0010:Ret  rpcrt4.RpcStringBindingComposeW() retval=00000000 ret=7f8c5ec8725f
0010:Call rpcrt4.RpcBindingFromStringBindingW(000316f0 L"ncacn_np:[\\\\pipe\\\\svcctl]",0024f028) ret=7f8c5ec872c0
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7f8c5eb7b9c5
0010:Ret  ntdll.RtlAllocateHeap() retval=00031760 ret=7f8c5eb7b9c5
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000002) ret=7f8c5eb7b9c5
0010:Ret  ntdll.RtlAllocateHeap() retval=00031530 ret=7f8c5eb7b9c5
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001e) ret=7f8c5eb7b9c5
0010:Ret  ntdll.RtlAllocateHeap() retval=00031570 ret=7f8c5eb7b9c5
0010:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f8c5eb7b908
0010:Ret  ntdll.RtlAllocateHeap() retval=000315b0 ret=7f8c5eb7b908
0010:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031760 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000) ret=7f8c5eb7bb63
0010:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f8c5eb7bb63
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f8c5eb7bb7d
0010:Ret  ntdll.RtlAllocateHeap() retval=000466f0 ret=7f8c5eb7bb7d
0010:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031760 L"ncacn_np",ffffffff,000466f0,00000009,00000000,00000000) ret=7f8c5eb7bbae
0010:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f8c5eb7bbae
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7f8a2
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7f8a2
0010:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031530 L"",ffffffff,00000000,00000000,00000000,00000000) ret=7f8c5eb7bb63
0010:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f8c5eb7bb63
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f8c5eb7bb7d
0010:Ret  ntdll.RtlAllocateHeap() retval=00046730 ret=7f8c5eb7bb7d
0010:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031530 L"",ffffffff,00046730,00000001,00000000,00000000) ret=7f8c5eb7bbae
0010:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f8c5eb7bbae
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7f8d2
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7f8d2
0010:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031570 L"\\pipe\\svcctl",ffffffff,00000000,00000000,00000000,00000000) ret=7f8c5eb7bb63
0010:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f8c5eb7bb63
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f8c5eb7bb7d
0010:Ret  ntdll.RtlAllocateHeap() retval=00046770 ret=7f8c5eb7bb7d
0010:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031570 L"\\pipe\\svcctl",ffffffff,00046770,0000000d,00000000,00000000) ret=7f8c5eb7bbae
0010:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f8c5eb7bbae
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7f8fd
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7f8fd
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,000000a0) ret=7f8c5eb79f57
0010:Ret  ntdll.RtlAllocateHeap() retval=000467b0 ret=7f8c5eb79f57
0010:Call KERNEL32.InitializeCriticalSection(00046800) ret=7f8c5eb79f97
0010:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f8c5eb79f97
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f8c5eb7bafb
0010:Ret  ntdll.RtlAllocateHeap() retval=000468a0 ret=7f8c5eb7bafb
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f8c5eb7bafb
0010:Ret  ntdll.RtlAllocateHeap() retval=000468e0 ret=7f8c5eb7bafb
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f8c5eb7bafb
0010:Ret  ntdll.RtlAllocateHeap() retval=00046920 ret=7f8c5eb7bafb
0010:Call advapi32.SystemFunction036(000467ec,00000010) ret=7f8c5eb95e90
0010:Ret  advapi32.SystemFunction036() retval=00000001 ret=7f8c5eb95e90
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb95723
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00031570) ret=7f8c5eb95723
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00031530) ret=7f8c5eb95723
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00031760) ret=7f8c5eb95723
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb95723
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0010:Ret  rpcrt4.RpcBindingFromStringBindingW() retval=00000000 ret=7f8c5ec872c0
0010:Call rpcrt4.RpcStringFreeW(0024f020) ret=7f8c5ec872ca
0010:Call ntdll.RtlFreeHeap(00030000,00000000,000316f0) ret=7f8c5eb95723
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0010:Ret  rpcrt4.RpcStringFreeW() retval=00000000 ret=7f8c5ec872ca
0010:Call rpcrt4.NdrPointerBufferSize(0024f2c0,00000000,7f8c5eca6d0c) ret=7f8c5ec942d1
0010:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f8c5ec942d1
0010:Call rpcrt4.NdrPointerBufferSize(0024f2c0,00000000,7f8c5eca71f0) ret=7f8c5ec942e3
0010:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f8c5ec942e3
0010:Call rpcrt4.NdrGetBuffer(0024f2c0,00000010,000315b0) ret=7f8c5ec942fa
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7f8c5eb970b4
0010:Ret  ntdll.RtlAllocateHeap() retval=00031530 ret=7f8c5eb970b4
0010:Call ntdll.RtlAllocateHeap(00030000,00000008,00000118) ret=7f8c5eb8d4ef
0010:Ret  ntdll.RtlAllocateHeap() retval=00046960 ret=7f8c5eb8d4ef
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f8c5eb7bafb
0010:Ret  ntdll.RtlAllocateHeap() retval=000316f0 ret=7f8c5eb7bafb
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f8c5eb7bafb
0010:Ret  ntdll.RtlAllocateHeap() retval=00031730 ret=7f8c5eb7bafb
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7f8c5eb970b4
0010:Ret  ntdll.RtlAllocateHeap() retval=00031770 ret=7f8c5eb970b4
0010:Call KERNEL32.CreateFileA(00031770 "\\\\.\\pipe\\svcctl",c0000000,00000000,00000000,00000003,7f8c40000000,00000000) ret=7f8c5eb8e290
0010:Ret  KERNEL32.CreateFileA() retval=00000020 ret=7f8c5eb8e290
0010:Call KERNEL32.SetNamedPipeHandleState(00000020,0024ebd4,00000000,00000000) ret=7f8c5eb8e408
0010:Ret  KERNEL32.SetNamedPipeHandleState() retval=00000001 ret=7f8c5eb8e408
000e:Ret  KERNEL32.WaitForMultipleObjectsEx() retval=00000001 ret=7fe363ea3d32
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00031770) ret=7f8c5eb970d9
000e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000118) ret=7fe363e9d4ef
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
000e:Ret  ntdll.RtlAllocateHeap() retval=00044190 ret=7fe363e9d4ef
0010:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7f8c5eb83fd2
0010:Ret  ntdll.RtlAllocateHeap() retval=00031770 ret=7f8c5eb83fd2
000e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fe363e8bafb
000e:Ret  ntdll.RtlAllocateHeap() retval=00044ed0 ret=7fe363e8bafb
0010:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7f8c5eb95492
0010:Ret  ntdll.RtlAllocateHeap() retval=00046a90 ret=7f8c5eb95492
0010:Call KERNEL32.InitializeCriticalSection(00046aa0) ret=7f8c5eb954a3
0010:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f8c5eb954a3
000e:Call KERNEL32.CreateNamedPipeA(00043cc0 "\\\\.\\pipe\\svcctl",40000003,00000006,000000ff,000016d0,000016d0,7fe300001388,00000000) ret=7fe363e9e83a
0010:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7f8c5eb84cd7
0010:Ret  ntdll.RtlAllocateHeap() retval=00046b40 ret=7f8c5eb84cd7
0010:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0024eb10,00046b40,00000048,00000000,00000000) ret=7f8c5eb8e5f6
000e:Ret  KERNEL32.CreateNamedPipeA() retval=000000a8 ret=7fe363e9e83a
000e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea0c0d
000e:Ret  ntdll.RtlAllocateHeap() retval=000442c0 ret=7fe363ea0c0d
000e:Call KERNEL32.GetComputerNameA(000442c0,0034fc04) ret=7fe363ea0c1e
0010:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00046b40) ret=7f8c5eb84d3f
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00031770) ret=7f8c5eb8448f
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb8448f
0010:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0024eb40,7374756f00000010,00000000,00000000) ret=7f8c5eb8e777
0010:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0010:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
000e:Ret  KERNEL32.GetComputerNameA() retval=00000001 ret=7fe363ea0c1e
000e:Call KERNEL32.CreateThread(00000000,00000000,7fe363e9911c,00044190,00000000,00000000) ret=7fe363e9982d
000e:Ret  KERNEL32.CreateThread() retval=000000b0 ret=7fe363e9982d
000e:Call KERNEL32.CloseHandle(000000b0) ret=7fe363e9983d
000e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9983d
000e:Call ntdll.NtFsControlFile(000000a8,00000090,00000000,00000000,00043c48,00110008,00000000,7fe300000000,00000000,00000000) ret=7fe363e9e9b2
000e:Ret  ntdll.NtFsControlFile() retval=00000103 ret=7fe363e9e9b2
000e:Call ntdll.RtlReAllocateHeap(00030000,00000000,00043d70,00000010) ret=7fe363e9ea45
000e:Ret  ntdll.RtlReAllocateHeap() retval=00043d70 ret=7fe363e9ea45
000e:Call KERNEL32.WaitForMultipleObjectsEx(00000002,00043d70,00000000,ffffffff,00000001) ret=7fe363ea3d32
0011:Call PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
0011:Ret  PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0011:Starting thread proc 0x7fe363e9911c (arg=0x44190)
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0011:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe363e99242
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7fe363ea5492
0011:Ret  ntdll.RtlAllocateHeap() retval=00044360 ret=7fe363ea5492
0011:Call KERNEL32.InitializeCriticalSection(00044370) ret=7fe363ea54a3
0011:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fe363ea54a3
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001c) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=00044410 ret=7fe363e95f4b
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00044420,0000000c,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00044450 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00044450,0000002c,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=00044490 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00044450) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e98bb0
0011:Ret  ntdll.RtlAllocateHeap() retval=00044450 ret=7fe363e98bb0
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7fe363e8b908
0011:Ret  ntdll.RtlAllocateHeap() retval=000444d0 ret=7fe363e8b908
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fe363e8bafb
0011:Ret  ntdll.RtlAllocateHeap() retval=00044560 ret=7fe363e8bafb
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000f) ret=7fe363e8bafb
0011:Ret  ntdll.RtlAllocateHeap() retval=000445a0 ret=7fe363e8bafb
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fe363e8bafb
0011:Ret  ntdll.RtlAllocateHeap() retval=000445e0 ret=7fe363e8bafb
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,000000a0) ret=7fe363e89f57
0011:Ret  ntdll.RtlAllocateHeap() retval=00044f80 ret=7fe363e89f57
0011:Call KERNEL32.InitializeCriticalSection(00044fd0) ret=7fe363e89f97
0011:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fe363e89f97
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fe363e8bafb
0011:Ret  ntdll.RtlAllocateHeap() retval=00045070 ret=7fe363e8bafb
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000f) ret=7fe363e8bafb
0011:Ret  ntdll.RtlAllocateHeap() retval=000450b0 ret=7fe363e8bafb
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fe363e8bafb
0011:Ret  ntdll.RtlAllocateHeap() retval=000450f0 ret=7fe363e8bafb
0011:Call advapi32.SystemFunction036(00044fbc,00000010) ret=7fe363ea5e90
0011:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000044) ret=7fe363e9411a
0011:Ret  ntdll.RtlAllocateHeap() retval=00045130 ret=7fe363e9411a
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00044450) ret=7fe363e98d98
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e98d98
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000044) ret=7fe363e94cd7
0011:Ret  ntdll.RtlAllocateHeap() retval=00045190 ret=7fe363e94cd7
0011:Call ntdll.NtWriteFile(0000007c,000000b0,00000000,00000000,0047fb20,00045190,00000044,00000000,00000000) ret=7fe363e9e5f6
0011:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00045190) ret=7fe363e94d3f
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0010:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
0010:Ret  ntdll.RtlAllocateHeap() retval=00046b40 ret=7f8c5eb85f4b
0010:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046b50,00000008,00000000,00000000) ret=7f8c5eb8e777
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00045130) ret=7fe363e9448f
0010:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7f8c5eb86011
0010:Ret  ntdll.RtlAllocateHeap() retval=00031770 ret=7f8c5eb86011
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00044490) ret=7fe363ea70d9
0010:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00031770,0000002c,00000000,00000000) ret=7f8c5eb8e777
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00044410) ret=7fe363e9448f
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe363e99203
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99203
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e9921c
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9921c
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0011:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe363e99242
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0010:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7f8c5eb970b4
0010:Ret  ntdll.RtlAllocateHeap() retval=00046b80 ret=7f8c5eb970b4
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00031770) ret=7f8c5eb86199
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00046b80) ret=7f8c5eb970d9
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00046b40) ret=7f8c5eb8448f
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb8448f
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7aabf
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7aabf
0010:Ret  rpcrt4.NdrGetBuffer() retval=00031530 ret=7f8c5ec942fa
0010:Call rpcrt4.NdrPointerMarshall(0024f2c0,00000000,7f8c5eca6d0c) ret=7f8c5ec9430c
0010:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f8c5ec9430c
0010:Call rpcrt4.NdrPointerMarshall(0024f2c0,00000000,7f8c5eca71f0) ret=7f8c5ec9431e
0010:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f8c5ec9431e
0010:Call rpcrt4.NdrSendReceive(0024f2c0,0003153c) ret=7f8c5ec94384
0010:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f8c5eb86f33
0010:Ret  ntdll.RtlAllocateHeap() retval=00031770 ret=7f8c5eb86f33
0010:Call ntdll.RtlAllocateHeap(00030000,00000008,00000024) ret=7f8c5eb84cd7
0010:Ret  ntdll.RtlAllocateHeap() retval=00046b40 ret=7f8c5eb84cd7
0010:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0024ec40,00046b40,00000024,00000000,00000000) ret=7f8c5eb8e5f6
0010:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00046b40) ret=7f8c5eb84d3f
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00031770) ret=7f8c5eb86fef
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86fef
0010:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0024ecc0,7374756f00000010,00000000,00000000) ret=7f8c5eb8e777
0011:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=00044450 ret=7fe363e95f4b
0010:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00044460,00000008,00000000,00000000) ret=7fe363e9e777
0010:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00044410 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00044410,0000000c,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=00045130 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00044410) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0011:Ret  ntdll.RtlAllocateHeap() retval=00044410 ret=7fe363e992d1
0011:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00044410,00000010) ret=7fe363e9931b
0011:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0012:Call PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
0012:Ret  PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0011:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363e99242
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0012:Starting thread proc 0x7bccecb1 (arg=0x45290)
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7fe363ea5492
0012:Ret  ntdll.RtlAllocateHeap() retval=000453e0 ret=7fe363ea5492
0013:Call PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
0013:Ret  PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0012:Call KERNEL32.InitializeCriticalSection(000453f0) ret=7fe363ea54a3
0013:Starting thread proc 0x7bccecb1 (arg=0x45290)
0012:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fe363ea54a3
0012:Call rpcrt4.NdrServerInitializeNew(00044300,0059f620,7fe36475ed20) ret=7fe36474ca88
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474ca88
0012:Call rpcrt4.NdrPointerUnmarshall(0059f620,0059f7b8,7fe3647587ec,00000000) ret=7fe36474cb7c
0012:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb7c
0012:Call rpcrt4.NdrPointerUnmarshall(0059f620,0059f7c0,7fe364758cd0,00000000) ret=7fe36474cb95
0012:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb95
0012:Call rpcrt4.NdrContextHandleInitialize(0059f620,7fe3647587f4) ret=7fe36474cbfd
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0012:Ret  ntdll.RtlAllocateHeap() retval=00045490 ret=7fe363e8afef
0012:Call ntdll.RtlInitializeResource(000454c8) ret=7fe363e8b007
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
0012:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0012:Call ntdll.RtlAcquireResourceExclusive(000454c8,00000001) ret=7fe363e8b01e
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrContextHandleInitialize() retval=00045490 ret=7fe36474cbfd
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe36473ec5f
0012:Ret  ntdll.RtlAllocateHeap() retval=00045640 ret=7fe36473ec5f
0012:Call ntdll.RtlMapGenericMask(00045644,7fe364757840) ret=7fe36473ec92
0012:Ret  ntdll.RtlMapGenericMask() retval=00000001 ret=7fe36473ec92
0012:Call rpcrt4.I_RpcGetBuffer(00044300) ret=7fe36474cc4c
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=00045680 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474cc4c
0012:Call rpcrt4.NdrServerContextNewMarshall(0059f620,00045490,7fe36474416c,7fe3647587f4) ret=7fe36474cc83
0012:Call advapi32.SystemFunction036(000454b8,00000010) ret=7fe363ea5e90
0012:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe363ea8141
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0012:Call ntdll.RtlReleaseResource(000454c8) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474cc83
0012:Call rpcrt4.NdrPointerFree(0059f620,00000000,7fe3647587ec) ret=7fe36474a76b
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a76b
0012:Call rpcrt4.NdrPointerFree(0059f620,00000000,7fe364758cd0) ret=7fe36474a781
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a781
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363e94cd7
0012:Call ntdll.NtWriteFile(0000007c,000000c0,00000000,00000000,0059f750,000456c0,00000030,00000000,00000000) ret=7fe363e9e5f6
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0010:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
0010:Ret  ntdll.RtlAllocateHeap() retval=00046b40 ret=7f8c5eb85f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045130) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045680) ret=7fe363ea70d9
0010:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046b50,00000008,00000000,00000000) ret=7f8c5eb8e777
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00044450) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe363e9966b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00044410) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0010:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb86011
0010:Ret  ntdll.RtlAllocateHeap() retval=00031770 ret=7f8c5eb86011
0010:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00031770,00000018,00000000,00000000) ret=7f8c5eb8e777
0010:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb970b4
0010:Ret  ntdll.RtlAllocateHeap() retval=00046b80 ret=7f8c5eb970b4
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb861df
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb861df
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00031770) ret=7f8c5eb86199
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00046b40) ret=7f8c5eb87336
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb87336
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00031530) ret=7f8c5eb970d9
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0010:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f8c5ec94384
0010:Call rpcrt4.NdrClientContextUnmarshall(0024f2c0,0024f6b0,000315b0) ret=7f8c5ec943cb
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f8c5eb59958
0010:Ret  ntdll.RtlAllocateHeap() retval=00031770 ret=7f8c5eb59958
0010:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f8c5eb7e4e8
0010:Ret  ntdll.RtlAllocateHeap() retval=00046bc0 ret=7f8c5eb7e4e8
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f8c5eb7bafb
0010:Ret  ntdll.RtlAllocateHeap() retval=00046b40 ret=7f8c5eb7bafb
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f8c5eb7bafb
0010:Ret  ntdll.RtlAllocateHeap() retval=00031530 ret=7f8c5eb7bafb
0010:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f8c5eb7bafb
0010:Ret  ntdll.RtlAllocateHeap() retval=00046c50 ret=7f8c5eb7bafb
0010:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f8c5ec943cb
0010:Call rpcrt4.NdrFreeBuffer(0024f2c0) ret=7f8c5ec90b51
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00046b80) ret=7f8c5eb970d9
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0010:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f8c5ec90b51
0010:Call rpcrt4.RpcBindingFree(0024f060) ret=7f8c5ec88083
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00046770) ret=7f8c5eb7eefd
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7eefd
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00046730) ret=7f8c5eb7ef15
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef15
0010:Call ntdll.RtlFreeHeap(00030000,00000000,000466f0) ret=7f8c5eb7ef2d
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef2d
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7ef45
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef45
0010:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7ef5d
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef5d
0010:Call ntdll.RtlFreeHeap(00030000,00000000,000315b0) ret=7f8c5eb7ef90
0010:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef90
0010:Ret  rpcrt4.RpcBindingFree() retval=00000000 ret=7f8c5ec88083
000d:Ret  KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7fe364746577
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746307
000d:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe364746307
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000042) ret=7fe36474071f
000d:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe36474071f
000d:Call KERNEL32.WriteFile(000000a4,00044300,00000042,0024f61c,0024f620) ret=7fe3647407b9
000d:Ret  KERNEL32.WriteFile() retval=00000001 ret=7fe3647407b9
000d:Call KERNEL32.ReadFile(000000a4,0024f6c4,00000004,0024f61c,0024f620) ret=7fe36474092c
000d:Ret  KERNEL32.ReadFile() retval=00000000 ret=7fe36474092c
000d:Call KERNEL32.WaitForSingleObject(000000a0,00002710) ret=7fe364740a04
0014:Call PE DLL (proc=0x7f8c5eb99e5b,module=0x7f8c5eb40000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
0014:Ret  PE DLL (proc=0x7f8c5eb99e5b,module=0x7f8c5eb40000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0014:Starting thread proc 0x7f8c5ec89101 (arg=0x314f0)
0014:Call rpcrt4.NdrClientInitializeNew(0034f690,0034f7d0,7f8c5ecbcd00,00000010) ret=7f8c5ec945d7
0014:Ret  rpcrt4.NdrClientInitializeNew() retval=7f8c5ec87c2f ret=7f8c5ec945d7
0014:Call rpcrt4.NDRCContextBinding(00031770) ret=7f8c5ec945e8
0014:Ret  rpcrt4.NDRCContextBinding() retval=00046bc0 ret=7f8c5ec945e8
0014:Call rpcrt4.NdrConformantStringBufferSize(0034f7d0,000315b0,7f8c5eca6d22) ret=7f8c5ec9460d
0014:Ret  rpcrt4.NdrConformantStringBufferSize() retval=00000044 ret=7f8c5ec9460d
0014:Call rpcrt4.NdrGetBuffer(0034f7d0,00000044,00046bc0) ret=7f8c5ec94624
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000044) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=000466f0 ret=7f8c5eb970b4
0014:Ret  rpcrt4.NdrGetBuffer() retval=000466f0 ret=7f8c5ec94624
0014:Call rpcrt4.NdrClientContextMarshall(0034f7d0,00031770,00000000) ret=7f8c5ec94632
0014:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f8c5ec94632
0014:Call rpcrt4.NdrConformantStringMarshall(0034f7d0,000315b0,7f8c5eca6d22) ret=7f8c5ec94644
0014:Ret  rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7f8c5ec94644
0014:Call rpcrt4.NdrSendReceive(0034f7d0,0004672c) ret=7f8c5ec946aa
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f8c5eb86f33
0014:Ret  ntdll.RtlAllocateHeap() retval=00046b80 ret=7f8c5eb86f33
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7f8c5eb95492
0014:Ret  ntdll.RtlAllocateHeap() retval=00046c90 ret=7f8c5eb95492
0014:Call KERNEL32.InitializeCriticalSection(00046ca0) ret=7f8c5eb954a3
0014:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f8c5eb954a3
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000054) ret=7f8c5eb84cd7
0014:Ret  ntdll.RtlAllocateHeap() retval=00046d00 ret=7f8c5eb84cd7
0014:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034f150,00046d00,00000054,00000000,00000000) ret=7f8c5eb8e5f6
0014:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00046d00) ret=7f8c5eb84d3f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00046b80) ret=7f8c5eb86fef
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86fef
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034f1d0,7374756f00000010,00000000,00000000) ret=7f8c5eb8e777
0011:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0014:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0011:Call KERNEL32.CloseHandle(000000c0) ret=7fe363e9e6ff
0014:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
0011:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=00044410 ret=7fe363e95f4b
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00044420,00000008,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003c) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00044450 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00044450,0000003c,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003c) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=00045130 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00044450) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0011:Ret  ntdll.RtlAllocateHeap() retval=000453a0 ret=7fe363e992d1
0011:Call KERNEL32.QueueUserWorkItem(7fe363e99597,000453a0,00000010) ret=7fe363e9931b
0011:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0011:Ret  ntdll.RtlAllocateHeap() retval=00045680 ret=7fe363e99242
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7fe363ea5492
0013:Ret  ntdll.RtlAllocateHeap() retval=00045720 ret=7fe363ea5492
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
0013:Call KERNEL32.InitializeCriticalSection(00045730) ret=7fe363ea54a3
0013:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fe363ea54a3
0013:Call rpcrt4.NdrServerInitializeNew(00045340,006af620,7fe36475ed20) ret=7fe36474fce2
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474fce2
0013:Call rpcrt4.NdrServerContextNewUnmarshall(006af620,7fe3647587fc) ret=7fe36474fdcb
0013:Call ntdll.RtlAcquireResourceExclusive(000454c8,00000001) ret=7fe363e8b140
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00045490 ret=7fe36474fdcb
0013:Call rpcrt4.NdrConformantStringUnmarshall(006af620,006af7c0,7fe364758802,00000000) ret=7fe36474fdec
0013:Ret  rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7fe36474fdec
0013:Call rpcrt4.NdrContextHandleInitialize(006af620,7fe364758804) ret=7fe36474fe54
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0013:Ret  ntdll.RtlAllocateHeap() retval=00045810 ret=7fe363e8afef
0013:Call ntdll.RtlInitializeResource(00045848) ret=7fe363e8b007
0013:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0013:Call ntdll.RtlAcquireResourceExclusive(00045848,00000001) ret=7fe363e8b01e
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrContextHandleInitialize() retval=00045810 ret=7fe36474fe54
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe36473debd
0013:Ret  ntdll.RtlAllocateHeap() retval=00045940 ret=7fe36473debd
0013:Call ntdll.RtlMapGenericMask(00045944,7fe364757830) ret=7fe36473defb
0013:Ret  ntdll.RtlMapGenericMask() retval=00008000 ret=7fe36473defb
0013:Call rpcrt4.I_RpcGetBuffer(00045340) ret=7fe36474fea7
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=00045980 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474fea7
0013:Call rpcrt4.NdrServerContextNewMarshall(006af620,00045810,7fe36474416c,7fe364758804) ret=7fe36474fede
0013:Call advapi32.SystemFunction036(00045838,00000010) ret=7fe363ea5e90
0013:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363ea8141
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0013:Call ntdll.RtlReleaseResource(00045848) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474fede
0013:Call rpcrt4.NdrPointerFree(006af620,00045150,7fe364758800) ret=7fe36474ff62
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474ff62
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363ea81aa
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0013:Call ntdll.RtlReleaseResource(000454c8) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(0000007c,000000c8,00000000,00000000,006af750,000457d0,00000030,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045130) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045980) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00044410) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363e9966b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000453a0) ret=7fe363e996a1
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0014:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
0014:Ret  ntdll.RtlAllocateHeap() retval=00046d00 ret=7f8c5eb85f4b
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046d10,00000008,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb86011
0014:Ret  ntdll.RtlAllocateHeap() retval=00046b80 ret=7f8c5eb86011
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046b80,00000018,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00046d40 ret=7f8c5eb970b4
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb861df
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb861df
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00046b80) ret=7f8c5eb86199
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00046d00) ret=7f8c5eb87336
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb87336
0014:Call ntdll.RtlFreeHeap(00030000,00000000,000466f0) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f8c5ec946aa
0014:Call rpcrt4.NdrClientContextUnmarshall(0034f7d0,0034fbb0,00046bc0) ret=7f8c5ec946f0
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f8c5eb59958
0014:Ret  ntdll.RtlAllocateHeap() retval=000466f0 ret=7f8c5eb59958
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f8c5eb7e4e8
0014:Ret  ntdll.RtlAllocateHeap() retval=00046d80 ret=7f8c5eb7e4e8
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f8c5eb7bafb
0014:Ret  ntdll.RtlAllocateHeap() retval=00046b80 ret=7f8c5eb7bafb
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f8c5eb7bafb
0014:Ret  ntdll.RtlAllocateHeap() retval=00046d00 ret=7f8c5eb7bafb
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f8c5eb7bafb
0014:Ret  ntdll.RtlAllocateHeap() retval=00046e10 ret=7f8c5eb7bafb
0014:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f8c5ec946f0
0014:Call rpcrt4.NdrFreeBuffer(0034f7d0) ret=7f8c5ec94753
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00046d40) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f8c5ec94753
0014:Call rpcrt4.NdrClientInitializeNew(0034f690,0034f7d0,7f8c5ecbcd00,00000010) ret=7f8c5ec945d7
0014:Ret  rpcrt4.NdrClientInitializeNew() retval=7f8c5ec87c2f ret=7f8c5ec945d7
0014:Call rpcrt4.NDRCContextBinding(00031770) ret=7f8c5ec945e8
0014:Ret  rpcrt4.NDRCContextBinding() retval=00046bc0 ret=7f8c5ec945e8
0014:Call rpcrt4.NdrConformantStringBufferSize(0034f7d0,000315b0,7f8c5eca6d22) ret=7f8c5ec9460d
0014:Ret  rpcrt4.NdrConformantStringBufferSize() retval=00000044 ret=7f8c5ec9460d
0014:Call rpcrt4.NdrGetBuffer(0034f7d0,00000044,00046bc0) ret=7f8c5ec94624
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000044) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00046e50 ret=7f8c5eb970b4
0014:Ret  rpcrt4.NdrGetBuffer() retval=00046e50 ret=7f8c5ec94624
0014:Call rpcrt4.NdrClientContextMarshall(0034f7d0,00031770,00000000) ret=7f8c5ec94632
0014:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f8c5ec94632
0014:Call rpcrt4.NdrConformantStringMarshall(0034f7d0,000315b0,7f8c5eca6d22) ret=7f8c5ec94644
0014:Ret  rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7f8c5ec94644
0014:Call rpcrt4.NdrSendReceive(0034f7d0,00046e8c) ret=7f8c5ec946aa
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f8c5eb86f33
0014:Ret  ntdll.RtlAllocateHeap() retval=00046d40 ret=7f8c5eb86f33
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000054) ret=7f8c5eb84cd7
0014:Ret  ntdll.RtlAllocateHeap() retval=00046eb0 ret=7f8c5eb84cd7
0014:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034f150,00046eb0,00000054,00000000,00000000) ret=7f8c5eb8e5f6
0014:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00046eb0) ret=7f8c5eb84d3f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00046d40) ret=7f8c5eb86fef
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86fef
0011:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034f1d0,7374756f00000010,00000000,00000000) ret=7f8c5eb8e777
0011:Call KERNEL32.CloseHandle(000000c8) ret=7fe363e9e6ff
0014:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0011:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0014:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363e95f4b
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,000457e0,00000008,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003c) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045340,0000003c,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003c) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=00044410 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0011:Ret  ntdll.RtlAllocateHeap() retval=000456e0 ret=7fe363e992d1
0011:Call KERNEL32.QueueUserWorkItem(7fe363e99597,000456e0,00000010) ret=7fe363e9931b
0011:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0012:Call rpcrt4.NdrServerInitializeNew(00045680,0059f620,7fe36475ed20) ret=7fe36474fce2
0011:Ret  ntdll.RtlAllocateHeap() retval=00044460 ret=7fe363e99242
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474fce2
0012:Call rpcrt4.NdrServerContextNewUnmarshall(0059f620,7fe3647587fc) ret=7fe36474fdcb
0012:Call ntdll.RtlAcquireResourceExclusive(000454c8,00000001) ret=7fe363e8b140
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00045490 ret=7fe36474fdcb
0012:Call rpcrt4.NdrConformantStringUnmarshall(0059f620,0059f7c0,7fe364758802,00000000) ret=7fe36474fdec
0012:Ret  rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7fe36474fdec
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0012:Call rpcrt4.NdrContextHandleInitialize(0059f620,7fe364758804) ret=7fe36474fe54
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
0012:Ret  ntdll.RtlAllocateHeap() retval=00045980 ret=7fe363e8afef
0012:Call ntdll.RtlInitializeResource(000459b8) ret=7fe363e8b007
0012:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0012:Call ntdll.RtlAcquireResourceExclusive(000459b8,00000001) ret=7fe363e8b01e
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=00045a30 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrContextHandleInitialize() retval=00045980 ret=7fe36474fe54
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe36473debd
0012:Ret  ntdll.RtlAllocateHeap() retval=00045a70 ret=7fe36473debd
0012:Call ntdll.RtlMapGenericMask(00045a74,7fe364757830) ret=7fe36473defb
0012:Ret  ntdll.RtlMapGenericMask() retval=0002008f ret=7fe36473defb
0012:Call rpcrt4.I_RpcGetBuffer(00045680) ret=7fe36474fea7
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=00045ab0 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474fea7
0012:Call rpcrt4.NdrServerContextNewMarshall(0059f620,00045980,7fe36474416c,7fe364758804) ret=7fe36474fede
0012:Call advapi32.SystemFunction036(000459a8,00000010) ret=7fe363ea5e90
0012:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045a30) ret=7fe363ea8141
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0012:Call ntdll.RtlReleaseResource(000459b8) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474fede
0012:Call rpcrt4.NdrPointerFree(0059f620,00044430,7fe364758800) ret=7fe36474ff62
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474ff62
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363ea81aa
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0012:Call ntdll.RtlReleaseResource(000454c8) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=00045a30 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363e94cd7
0012:Call ntdll.NtWriteFile(0000007c,000000d0,00000000,00000000,0059f750,00045340,00000030,00000000,00000000) ret=7fe363e9e5f6
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045a30) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00044410) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0014:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045ab0) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363e9448f
0014:Ret  ntdll.RtlAllocateHeap() retval=00046eb0 ret=7f8c5eb85f4b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045680) ret=7fe363e9966b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046ec0,00000008,00000000,00000000) ret=7f8c5eb8e777
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000456e0) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0014:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb86011
0014:Ret  ntdll.RtlAllocateHeap() retval=00046d40 ret=7f8c5eb86011
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046d40,00000018,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00046ef0 ret=7f8c5eb970b4
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb861df
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb861df
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00046d40) ret=7f8c5eb86199
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00046eb0) ret=7f8c5eb87336
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb87336
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00046e50) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f8c5ec946aa
0014:Call rpcrt4.NdrClientContextUnmarshall(0034f7d0,0034fbb0,00046bc0) ret=7f8c5ec946f0
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f8c5eb59958
0014:Ret  ntdll.RtlAllocateHeap() retval=00046e50 ret=7f8c5eb59958
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f8c5eb7e4e8
0014:Ret  ntdll.RtlAllocateHeap() retval=00046f30 ret=7f8c5eb7e4e8
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f8c5eb7bafb
0014:Ret  ntdll.RtlAllocateHeap() retval=00046d40 ret=7f8c5eb7bafb
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f8c5eb7bafb
0014:Ret  ntdll.RtlAllocateHeap() retval=00046fc0 ret=7f8c5eb7bafb
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f8c5eb7bafb
0014:Ret  ntdll.RtlAllocateHeap() retval=00047000 ret=7f8c5eb7bafb
0014:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f8c5ec946f0
0014:Call rpcrt4.NdrFreeBuffer(0034f7d0) ret=7f8c5ec94753
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00046ef0) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f8c5ec94753
000d:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe364740a04
000d:Call KERNEL32.GetOverlappedResult(000000a4,0024f620,0024f61c,00000000) ret=7fe364740990
000d:Ret  KERNEL32.GetOverlappedResult() retval=00000001 ret=7fe364740990
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe364740823
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364740823
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe364746401
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364746401
000d:Call KERNEL32.WaitForMultipleObjects(00000002,0024f6f0,00000000,00002710) ret=7fe3647464eb
0015:Call PE DLL (proc=0x7f8c5eb99e5b,module=0x7f8c5eb40000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
0015:Ret  PE DLL (proc=0x7f8c5eb99e5b,module=0x7f8c5eb40000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0015:Starting thread proc 0x7f8c5ec87474 (arg=0x31480)
0015:Call KERNEL32.LoadLibraryW(7f8c60b2d2a0 L"win32k.sys") ret=7f8c60b2c9ba
0015:Ret  KERNEL32.LoadLibraryW() retval=7f8c60b10000 ret=7f8c60b2c9ba
0015:Call KERNEL32.LoadLibraryW(7f8c60b2d2c0 L"dxgkrnl.sys") ret=7f8c60b2c9d4
0015:Ret  KERNEL32.LoadLibraryW() retval=7f8c5f540000 ret=7f8c60b2c9d4
0015:Call KERNEL32.LoadLibraryW(7f8c60b2d2e0 L"dxgmms1.sys") ret=7f8c60b2c9d4
0015:Ret  KERNEL32.LoadLibraryW() retval=7f8c5f530000 ret=7f8c60b2c9d4
0015:Call ntdll.LdrLockLoaderLock(00000000,00000000,0046fb98) ret=7f8c60b2ca21
0015:Ret  ntdll.LdrLockLoaderLock() retval=00000000 ret=7f8c60b2ca21
0015:Call KERNEL32.GetModuleHandleW(7f8c60b2d300 L"ntoskrnl.exe") ret=7f8c60b2ca2d
0015:Ret  KERNEL32.GetModuleHandleW() retval=7f8c5ebe0000 ret=7f8c60b2ca2d
0015:Call ntdll.LdrFindEntryForAddress(7f8c5ebe0000,0046fb90) ret=7f8c60b2ca3a
0015:Ret  ntdll.LdrFindEntryForAddress() retval=00000000 ret=7f8c60b2ca3a
0015:Call ntdll.LdrUnlockLoaderLock(00000000,00000015) ret=7f8c60b2cb0f
0015:Ret  ntdll.LdrUnlockLoaderLock() retval=00000000 ret=7f8c60b2cb0f
0015:Call advapi32.OpenSCManagerW(00000000,00000000,00000001) ret=7f8c60b2cb40
0015:Call rpcrt4.NdrClientInitializeNew(0046f500,0046f640,7f8c5ecbcd00,0000000f) ret=7f8c5ec942a4
0015:Ret  rpcrt4.NdrClientInitializeNew() retval=7f8c5ec87c2f ret=7f8c5ec942a4
0015:Call rpcrt4.RpcStringBindingComposeW(00000000,0046f3b0 L"ncacn_np",00000000,0046f3d0 L"\\pipe\\svcctl",00000000,0046f3a0) ret=7f8c5ec8725f
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7f8c5eb7cc0c
0015:Ret  ntdll.RtlAllocateHeap() retval=00047080 ret=7f8c5eb7cc0c
0015:Ret  rpcrt4.RpcStringBindingComposeW() retval=00000000 ret=7f8c5ec8725f
0015:Call rpcrt4.RpcBindingFromStringBindingW(00047080 L"ncacn_np:[\\\\pipe\\\\svcctl]",0046f3a8) ret=7f8c5ec872c0
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7f8c5eb7b9c5
0015:Ret  ntdll.RtlAllocateHeap() retval=00047240 ret=7f8c5eb7b9c5
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000002) ret=7f8c5eb7b9c5
0015:Ret  ntdll.RtlAllocateHeap() retval=000470f0 ret=7f8c5eb7b9c5
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001e) ret=7f8c5eb7b9c5
0015:Ret  ntdll.RtlAllocateHeap() retval=00047130 ret=7f8c5eb7b9c5
0015:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f8c5eb7b908
0015:Ret  ntdll.RtlAllocateHeap() retval=00047780 ret=7f8c5eb7b908
0015:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047240 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000) ret=7f8c5eb7bb63
0015:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f8c5eb7bb63
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f8c5eb7bb7d
0015:Ret  ntdll.RtlAllocateHeap() retval=00047810 ret=7f8c5eb7bb7d
0015:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047240 L"ncacn_np",ffffffff,00047810,00000009,00000000,00000000) ret=7f8c5eb7bbae
0015:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f8c5eb7bbae
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7f8a2
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7f8a2
0015:Call KERNEL32.WideCharToMultiByte(00000000,00000000,000470f0 L"",ffffffff,00000000,00000000,00000000,00000000) ret=7f8c5eb7bb63
0015:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f8c5eb7bb63
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f8c5eb7bb7d
0015:Ret  ntdll.RtlAllocateHeap() retval=00047850 ret=7f8c5eb7bb7d
0015:Call KERNEL32.WideCharToMultiByte(00000000,00000000,000470f0 L"",ffffffff,00047850,00000001,00000000,00000000) ret=7f8c5eb7bbae
0015:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f8c5eb7bbae
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7f8d2
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7f8d2
0015:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047130 L"\\pipe\\svcctl",ffffffff,00000000,00000000,00000000,00000000) ret=7f8c5eb7bb63
0015:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f8c5eb7bb63
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f8c5eb7bb7d
0015:Ret  ntdll.RtlAllocateHeap() retval=00047890 ret=7f8c5eb7bb7d
0015:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047130 L"\\pipe\\svcctl",ffffffff,00047890,0000000d,00000000,00000000) ret=7f8c5eb7bbae
0015:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f8c5eb7bbae
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7f8fd
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7f8fd
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb95723
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047130) ret=7f8c5eb95723
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0015:Call ntdll.RtlFreeHeap(00030000,00000000,000470f0) ret=7f8c5eb95723
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047240) ret=7f8c5eb95723
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb95723
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0015:Ret  rpcrt4.RpcBindingFromStringBindingW() retval=00000000 ret=7f8c5ec872c0
0015:Call rpcrt4.RpcStringFreeW(0046f3a0) ret=7f8c5ec872ca
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047080) ret=7f8c5eb95723
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0015:Ret  rpcrt4.RpcStringFreeW() retval=00000000 ret=7f8c5ec872ca
0015:Call rpcrt4.NdrPointerBufferSize(0046f640,00000000,7f8c5eca6d0c) ret=7f8c5ec942d1
0015:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f8c5ec942d1
0015:Call rpcrt4.NdrPointerBufferSize(0046f640,00000000,7f8c5eca71f0) ret=7f8c5ec942e3
0015:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f8c5ec942e3
0015:Call rpcrt4.NdrGetBuffer(0046f640,00000010,00047780) ret=7f8c5ec942fa
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7f8c5eb970b4
0015:Ret  ntdll.RtlAllocateHeap() retval=00047240 ret=7f8c5eb970b4
0015:Ret  rpcrt4.NdrGetBuffer() retval=00047240 ret=7f8c5ec942fa
0015:Call rpcrt4.NdrPointerMarshall(0046f640,00000000,7f8c5eca6d0c) ret=7f8c5ec9430c
0015:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f8c5ec9430c
0015:Call rpcrt4.NdrPointerMarshall(0046f640,00000000,7f8c5eca71f0) ret=7f8c5ec9431e
0015:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f8c5ec9431e
0015:Call rpcrt4.NdrSendReceive(0046f640,0004724c) ret=7f8c5ec94384
0015:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f8c5eb86f33
0015:Ret  ntdll.RtlAllocateHeap() retval=00047080 ret=7f8c5eb86f33
0015:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7f8c5eb95492
0015:Ret  ntdll.RtlAllocateHeap() retval=000470c0 ret=7f8c5eb95492
0015:Call KERNEL32.InitializeCriticalSection(000470d0) ret=7f8c5eb954a3
0015:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f8c5eb954a3
0015:Call ntdll.RtlAllocateHeap(00030000,00000008,00000024) ret=7f8c5eb84cd7
0015:Ret  ntdll.RtlAllocateHeap() retval=000478d0 ret=7f8c5eb84cd7
0015:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0046efc0,000478d0,00000024,00000000,00000000) ret=7f8c5eb8e5f6
0015:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0015:Call ntdll.RtlFreeHeap(00030000,00000000,000478d0) ret=7f8c5eb84d3f
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047080) ret=7f8c5eb86fef
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86fef
0011:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0015:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0046f040,ffffffff00000010,00000000,00000000) ret=7f8c5eb8e777
0011:Call KERNEL32.CloseHandle(000000d0) ret=7fe363e9e6ff
0015:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0011:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0015:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363e95f4b
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045350,00000008,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00045a30 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045a30,0000000c,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00045a30) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0011:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe363e992d1
0011:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045600,00000010) ret=7fe363e9931b
0011:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0011:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe363e99242
0013:Call rpcrt4.NdrServerInitializeNew(00044460,006af620,7fe36475ed20) ret=7fe36474ca88
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474ca88
0013:Call rpcrt4.NdrPointerUnmarshall(006af620,006af7b8,7fe3647587ec,00000000) ret=7fe36474cb7c
0013:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb7c
0013:Call rpcrt4.NdrPointerUnmarshall(006af620,006af7c0,7fe364758cd0,00000000) ret=7fe36474cb95
0013:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb95
0013:Call rpcrt4.NdrContextHandleInitialize(006af620,7fe3647587f4) ret=7fe36474cbfd
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
0013:Ret  ntdll.RtlAllocateHeap() retval=00045ab0 ret=7fe363e8afef
0013:Call ntdll.RtlInitializeResource(00045ae8) ret=7fe363e8b007
0013:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0013:Call ntdll.RtlAcquireResourceExclusive(00045ae8,00000001) ret=7fe363e8b01e
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=00043ec0 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrContextHandleInitialize() retval=00045ab0 ret=7fe36474cbfd
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe36473ec5f
0013:Ret  ntdll.RtlAllocateHeap() retval=00045210 ret=7fe36473ec5f
0013:Call ntdll.RtlMapGenericMask(00045214,7fe364757840) ret=7fe36473ec92
0013:Ret  ntdll.RtlMapGenericMask() retval=00000001 ret=7fe36473ec92
0013:Call rpcrt4.I_RpcGetBuffer(00044460) ret=7fe36474cc4c
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=00045680 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474cc4c
0013:Call rpcrt4.NdrServerContextNewMarshall(006af620,00045ab0,7fe36474416c,7fe3647587f4) ret=7fe36474cc83
0013:Call advapi32.SystemFunction036(00045ad8,00000010) ret=7fe363ea5e90
0013:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00043ec0) ret=7fe363ea8141
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0013:Call ntdll.RtlReleaseResource(00045ae8) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474cc83
0013:Call rpcrt4.NdrPointerFree(006af620,00000000,7fe3647587ec) ret=7fe36474a76b
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a76b
0013:Call rpcrt4.NdrPointerFree(006af620,00000000,7fe364758cd0) ret=7fe36474a781
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a781
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=00043ec0 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(0000007c,000000d8,00000000,00000000,006af750,00043ec0,00000030,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00043ec0) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045680) ret=7fe363ea70d9
0015:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00044460) ret=7fe363e9966b
0015:Ret  ntdll.RtlAllocateHeap() retval=000478d0 ret=7f8c5eb85f4b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe363e996a1
0015:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,000478e0,00000008,00000000,00000000) ret=7f8c5eb8e777
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0015:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb86011
0015:Ret  ntdll.RtlAllocateHeap() retval=00047080 ret=7f8c5eb86011
0015:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047080,00000018,00000000,00000000) ret=7f8c5eb8e777
0015:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb970b4
0015:Ret  ntdll.RtlAllocateHeap() retval=00047910 ret=7f8c5eb970b4
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb861df
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb861df
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047080) ret=7f8c5eb86199
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0015:Call ntdll.RtlFreeHeap(00030000,00000000,000478d0) ret=7f8c5eb87336
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb87336
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047240) ret=7f8c5eb970d9
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0015:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f8c5ec94384
0015:Call rpcrt4.NdrClientContextUnmarshall(0046f640,0046fa30,00047780) ret=7f8c5ec943cb
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f8c5eb59958
0015:Ret  ntdll.RtlAllocateHeap() retval=00047240 ret=7f8c5eb59958
0015:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f8c5eb7e4e8
0015:Ret  ntdll.RtlAllocateHeap() retval=00047950 ret=7f8c5eb7e4e8
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f8c5eb7bafb
0015:Ret  ntdll.RtlAllocateHeap() retval=00047080 ret=7f8c5eb7bafb
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f8c5eb7bafb
0015:Ret  ntdll.RtlAllocateHeap() retval=000478d0 ret=7f8c5eb7bafb
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f8c5eb7bafb
0015:Ret  ntdll.RtlAllocateHeap() retval=000479e0 ret=7f8c5eb7bafb
0015:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f8c5ec943cb
0015:Call rpcrt4.NdrFreeBuffer(0046f640) ret=7f8c5ec90b51
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047910) ret=7f8c5eb970d9
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0015:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f8c5ec90b51
0015:Call rpcrt4.RpcBindingFree(0046f3e0) ret=7f8c5ec88083
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047890) ret=7f8c5eb7eefd
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7eefd
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047850) ret=7f8c5eb7ef15
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef15
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047810) ret=7f8c5eb7ef2d
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef2d
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7ef45
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef45
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7ef5d
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef5d
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047780) ret=7f8c5eb7ef90
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef90
0015:Ret  rpcrt4.RpcBindingFree() retval=00000000 ret=7f8c5ec88083
0015:Ret  advapi32.OpenSCManagerW() retval=00047240 ret=7f8c60b2cb40
0015:Call advapi32.RegisterServiceCtrlHandlerExW(7f8c60b2d330 L"winedevice",7f8c60b2cd0c,00046ef0) ret=7f8c60b2cb66
0015:Ret  advapi32.RegisterServiceCtrlHandlerExW() retval=000466f0 ret=7f8c60b2cb66
0015:Call advapi32.SetServiceStatus(000466f0,0046fba0) ret=7f8c60b2cbbc
0015:Call rpcrt4.NdrClientInitializeNew(0046f550,0046f690,7f8c5ecbcd00,00000007) ret=7f8c5ec92468
0015:Ret  rpcrt4.NdrClientInitializeNew() retval=7f8c5ec87c2f ret=7f8c5ec92468
0015:Call rpcrt4.NDRCContextBinding(000466f0) ret=7f8c5ec92479
0015:Ret  rpcrt4.NDRCContextBinding() retval=00046d80 ret=7f8c5ec92479
0015:Call rpcrt4.NdrGetBuffer(0046f690,00000038,00046d80) ret=7f8c5ec9249c
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f8c5eb970b4
0015:Ret  ntdll.RtlAllocateHeap() retval=00047780 ret=7f8c5eb970b4
0015:Ret  rpcrt4.NdrGetBuffer() retval=00047780 ret=7f8c5ec9249c
0015:Call rpcrt4.NdrClientContextMarshall(0046f690,000466f0,00000000) ret=7f8c5ec924aa
0015:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f8c5ec924aa
0015:Call rpcrt4.NdrSimpleStructMarshall(0046f690,0046fba0,7f8c5eca6c44) ret=7f8c5ec924bc
0015:Ret  rpcrt4.NdrSimpleStructMarshall() retval=00000000 ret=7f8c5ec924bc
0015:Call rpcrt4.NdrSendReceive(0046f690,000477b0) ret=7f8c5ec924cc
0015:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f8c5eb86f33
0015:Ret  ntdll.RtlAllocateHeap() retval=00047910 ret=7f8c5eb86f33
0015:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7f8c5eb84cd7
0015:Ret  ntdll.RtlAllocateHeap() retval=000477d0 ret=7f8c5eb84cd7
0015:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0046f010,000477d0,00000048,00000000,00000000) ret=7f8c5eb8e5f6
0015:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0015:Call ntdll.RtlFreeHeap(00030000,00000000,000477d0) ret=7f8c5eb84d3f
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047910) ret=7f8c5eb86fef
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86fef
0011:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0015:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0046f090,ffffffff00000010,00000000,00000000) ret=7f8c5eb8e777
0011:Call KERNEL32.CloseHandle(000000d8) ret=7fe363e9e6ff
0015:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0011:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0015:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363e95f4b
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045910,00000008,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045340,00000030,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0011:Ret  ntdll.RtlAllocateHeap() retval=00045a30 ret=7fe363e992d1
0011:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045a30,00000010) ret=7fe363e9931b
0011:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0012:Call rpcrt4.NdrServerInitializeNew(00044300,0059f630,7fe36475ed20) ret=7fe36474c404
0011:Ret  ntdll.RtlAllocateHeap() retval=00043ec0 ret=7fe363e99242
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474c404
0012:Call rpcrt4.NdrServerContextNewUnmarshall(0059f630,7fe364758720) ret=7fe36474c4e1
0012:Call ntdll.RtlAcquireResourceExclusive(00045848,00000001) ret=7fe363e8b140
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=00044460 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00045810 ret=7fe36474c4e1
0012:Call rpcrt4.NdrSimpleStructUnmarshall(0059f630,0059f7d0,7fe364758724,00000000) ret=7fe36474c502
0012:Ret  rpcrt4.NdrSimpleStructUnmarshall() retval=00000000 ret=7fe36474c502
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0012:Call KERNEL32.SetEvent(00000098) ret=7fe36473fc9e
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
000d:Ret  KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7fe3647464eb
0012:Ret  KERNEL32.SetEvent() retval=00000001 ret=7fe36473fc9e
0012:Call rpcrt4.I_RpcGetBuffer(00044300) ret=7fe36474c56d
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000008) ret=7fe363ea70b4
000d:Call KERNEL32.ReleaseMutex(0000009c) ret=7fe364746453
0012:Ret  ntdll.RtlAllocateHeap() retval=00045680 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474c56d
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00044460) ret=7fe363ea81aa
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0012:Call ntdll.RtlReleaseResource(00045848) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
000d:Ret  KERNEL32.ReleaseMutex() retval=00000001 ret=7fe364746453
0012:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363e93f0b
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe3647460cb
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,0000001c) ret=7fe363e94cd7
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe3647460cb
0012:Ret  ntdll.RtlAllocateHeap() retval=00044460 ret=7fe363e94cd7
000d:Call KERNEL32.ResetEvent(00000048) ret=7fe364745c38
000d:Ret  KERNEL32.ResetEvent() retval=00000001 ret=7fe364745c38
0012:Call ntdll.NtWriteFile(0000007c,000000d8,00000000,00000000,0059f750,00044460,0000001c,00000000,00000000) ret=7fe363e9e5f6
000d:Call KERNEL32.WaitForSingleObject(0000009c,00007530) ret=7fe364745c73
000d:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe364745c73
000d:Call KERNEL32.ConnectNamedPipe(000000a4,0024faf0) ret=7fe36474624a
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00044460) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
000d:Ret  KERNEL32.ConnectNamedPipe() retval=00000000 ret=7fe36474624a
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045680) ret=7fe363ea70d9
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000014) ret=7fe364746307
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
000d:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe364746307
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363e9448f
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000024) ret=7fe36474071f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
000d:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe36474071f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe363e9966b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
000d:Call KERNEL32.WriteFile(000000a4,00045900,00000024,0024fa3c,0024fa40) ret=7fe3647407b9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045a30) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0015:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
000d:Ret  KERNEL32.WriteFile() retval=00000001 ret=7fe3647407b9
0015:Ret  ntdll.RtlAllocateHeap() retval=000477d0 ret=7f8c5eb85f4b
000d:Call KERNEL32.ReadFile(000000a4,0024fae4,00000004,0024fa3c,0024fa40) ret=7fe36474092c
0015:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,000477e0,00000008,00000000,00000000) ret=7f8c5eb8e777
000d:Ret  KERNEL32.ReadFile() retval=00000000 ret=7fe36474092c
000d:Call KERNEL32.WaitForSingleObject(000000a0,00002710) ret=7fe364740a04
0015:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7f8c5eb86011
0015:Ret  ntdll.RtlAllocateHeap() retval=00047910 ret=7f8c5eb86011
0015:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047910,00000004,00000000,00000000) ret=7f8c5eb8e777
0015:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7f8c5eb970b4
0015:Ret  ntdll.RtlAllocateHeap() retval=00047850 ret=7f8c5eb970b4
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb861df
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb861df
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047910) ret=7f8c5eb86199
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0015:Call ntdll.RtlFreeHeap(00030000,00000000,000477d0) ret=7f8c5eb87336
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000007a) ret=7f8c60b2ceff
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb87336
0014:Ret  ntdll.RtlAllocateHeap() retval=000315b0 ret=7f8c60b2ceff
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047780) ret=7f8c5eb970d9
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Call ntoskrnl.exe.RtlInitUnicodeString(0034fb20,000315b0 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\MountMgr") ret=7f8c60b2cf70
0015:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f8c5ec924cc
0014:Call ntdll.RtlInitUnicodeString(0034fb20,000315b0 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\MountMgr") ret=7bca105f
0015:Call rpcrt4.NdrFreeBuffer(0046f690) ret=7f8c5ec92565
0014:Ret  ntdll.RtlInitUnicodeString() retval=00000078 ret=7bca105f
0015:Call ntdll.RtlFreeHeap(00030000,00000000,00047850) ret=7f8c5eb970d9
0014:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000078 ret=7f8c60b2cf70
0015:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Call ntoskrnl.exe.ZwLoadDriver(0034fb20) ret=7f8c60b2cfa5
0015:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f8c5ec92565
0015:Ret  advapi32.SetServiceStatus() retval=00000001 ret=7f8c60b2cbbc
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000007a) ret=7f8c5ebffe0f
0015:Call ntoskrnl.exe.wine_ntoskrnl_main_loop(00000044) ret=7f8c60b2cbc8
0014:Ret  ntdll.RtlAllocateHeap() retval=00047780 ret=7f8c5ebffe0f
0014:Call advapi32.OpenSCManagerW(00000000,00000000,00000001) ret=7f8c5ebffef1
0014:Call rpcrt4.NdrClientInitializeNew(0034f2b0,0034f3f0,7f8c5ecbcd00,0000000f) ret=7f8c5ec942a4
0014:Ret  rpcrt4.NdrClientInitializeNew() retval=7f8c5ec87c2f ret=7f8c5ec942a4
0015:Call ntdll.RtlAllocateHeap(00030000,00000000,00001000) ret=7f8c5ebf6cc8
0014:Call rpcrt4.RpcStringBindingComposeW(00000000,0034f160 L"ncacn_np",00000000,0034f180 L"\\pipe\\svcctl",00000000,0034f150) ret=7f8c5ec8725f
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7f8c5eb7cc0c
0015:Ret  ntdll.RtlAllocateHeap() retval=00047a20 ret=7f8c5ebf6cc8
0014:Ret  ntdll.RtlAllocateHeap() retval=00047850 ret=7f8c5eb7cc0c
0014:Ret  rpcrt4.RpcStringBindingComposeW() retval=00000000 ret=7f8c5ec8725f
0014:Call rpcrt4.RpcBindingFromStringBindingW(00047850 L"ncacn_np:[\\\\pipe\\\\svcctl]",0034f158) ret=7f8c5ec872c0
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7f8c5eb7b9c5
0014:Ret  ntdll.RtlAllocateHeap() retval=00047910 ret=7f8c5eb7b9c5
0015:Call KERNEL32.WaitForMultipleObjectsEx(00000002,0046f950,00000000,ffffffff,00000001) ret=7f8c5ebf6d63
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000002) ret=7f8c5eb7b9c5
0014:Ret  ntdll.RtlAllocateHeap() retval=00048a30 ret=7f8c5eb7b9c5
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001e) ret=7f8c5eb7b9c5
0014:Ret  ntdll.RtlAllocateHeap() retval=00048a70 ret=7f8c5eb7b9c5
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f8c5eb7b908
0014:Ret  ntdll.RtlAllocateHeap() retval=00048ab0 ret=7f8c5eb7b908
0014:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047910 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000) ret=7f8c5eb7bb63
0014:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f8c5eb7bb63
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f8c5eb7bb7d
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b40 ret=7f8c5eb7bb7d
0014:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047910 L"ncacn_np",ffffffff,00048b40,00000009,00000000,00000000) ret=7f8c5eb7bbae
0014:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f8c5eb7bbae
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7f8a2
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7f8a2
0014:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00048a30 L"",ffffffff,00000000,00000000,00000000,00000000) ret=7f8c5eb7bb63
0014:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f8c5eb7bb63
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f8c5eb7bb7d
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b80 ret=7f8c5eb7bb7d
0014:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00048a30 L"",ffffffff,00048b80,00000001,00000000,00000000) ret=7f8c5eb7bbae
0014:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f8c5eb7bbae
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7f8d2
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7f8d2
0014:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00048a70 L"\\pipe\\svcctl",ffffffff,00000000,00000000,00000000,00000000) ret=7f8c5eb7bb63
0014:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f8c5eb7bb63
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f8c5eb7bb7d
0014:Ret  ntdll.RtlAllocateHeap() retval=00048bc0 ret=7f8c5eb7bb7d
0014:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00048a70 L"\\pipe\\svcctl",ffffffff,00048bc0,0000000d,00000000,00000000) ret=7f8c5eb7bbae
0014:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f8c5eb7bbae
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7f8fd
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7f8fd
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb95723
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048a70) ret=7f8c5eb95723
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048a30) ret=7f8c5eb95723
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047910) ret=7f8c5eb95723
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb95723
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0014:Ret  rpcrt4.RpcBindingFromStringBindingW() retval=00000000 ret=7f8c5ec872c0
0014:Call rpcrt4.RpcStringFreeW(0034f150) ret=7f8c5ec872ca
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047850) ret=7f8c5eb95723
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb95723
0014:Ret  rpcrt4.RpcStringFreeW() retval=00000000 ret=7f8c5ec872ca
0014:Call rpcrt4.NdrPointerBufferSize(0034f3f0,00000000,7f8c5eca6d0c) ret=7f8c5ec942d1
0014:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f8c5ec942d1
0014:Call rpcrt4.NdrPointerBufferSize(0034f3f0,00000000,7f8c5eca71f0) ret=7f8c5ec942e3
0014:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f8c5ec942e3
0014:Call rpcrt4.NdrGetBuffer(0034f3f0,00000010,00048ab0) ret=7f8c5ec942fa
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00047910 ret=7f8c5eb970b4
0014:Ret  rpcrt4.NdrGetBuffer() retval=00047910 ret=7f8c5ec942fa
0014:Call rpcrt4.NdrPointerMarshall(0034f3f0,00000000,7f8c5eca6d0c) ret=7f8c5ec9430c
0014:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f8c5ec9430c
0014:Call rpcrt4.NdrPointerMarshall(0034f3f0,00000000,7f8c5eca71f0) ret=7f8c5ec9431e
0014:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f8c5ec9431e
0014:Call rpcrt4.NdrSendReceive(0034f3f0,0004791c) ret=7f8c5ec94384
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f8c5eb86f33
0014:Ret  ntdll.RtlAllocateHeap() retval=00048a30 ret=7f8c5eb86f33
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000024) ret=7f8c5eb84cd7
0014:Ret  ntdll.RtlAllocateHeap() retval=00047850 ret=7f8c5eb84cd7
0014:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034ed70,00047850,00000024,00000000,00000000) ret=7f8c5eb8e5f6
0014:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047850) ret=7f8c5eb84d3f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048a30) ret=7f8c5eb86fef
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86fef
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034edf0,7374756f00000010,00000000,00000000) ret=7f8c5eb8e777
0011:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0011:Call KERNEL32.CloseHandle(000000d8) ret=7fe363e9e6ff
0014:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0011:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0014:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe363e95f4b
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045610,00000008,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045340,0000000c,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0011:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363e992d1
0011:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045340,00000010) ret=7fe363e9931b
0011:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0011:Ret  ntdll.RtlAllocateHeap() retval=00045680 ret=7fe363e99242
0013:Call rpcrt4.NdrServerInitializeNew(00043ec0,006af620,7fe36475ed20) ret=7fe36474ca88
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474ca88
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0013:Call rpcrt4.NdrPointerUnmarshall(006af620,006af7b8,7fe3647587ec,00000000) ret=7fe36474cb7c
0013:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb7c
0013:Call rpcrt4.NdrPointerUnmarshall(006af620,006af7c0,7fe364758cd0,00000000) ret=7fe36474cb95
0013:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb95
0013:Call rpcrt4.NdrContextHandleInitialize(006af620,7fe3647587f4) ret=7fe36474cbfd
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
0013:Ret  ntdll.RtlAllocateHeap() retval=00045ba0 ret=7fe363e8afef
0013:Call ntdll.RtlInitializeResource(00045bd8) ret=7fe363e8b007
0013:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0013:Call ntdll.RtlAcquireResourceExclusive(00045bd8,00000001) ret=7fe363e8b01e
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=00045c90 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrContextHandleInitialize() retval=00045ba0 ret=7fe36474cbfd
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe36473ec5f
0013:Ret  ntdll.RtlAllocateHeap() retval=00045cd0 ret=7fe36473ec5f
0013:Call ntdll.RtlMapGenericMask(00045cd4,7fe364757840) ret=7fe36473ec92
0013:Ret  ntdll.RtlMapGenericMask() retval=00000001 ret=7fe36473ec92
0013:Call rpcrt4.I_RpcGetBuffer(00043ec0) ret=7fe36474cc4c
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=00045d10 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474cc4c
0013:Call rpcrt4.NdrServerContextNewMarshall(006af620,00045ba0,7fe36474416c,7fe3647587f4) ret=7fe36474cc83
0013:Call advapi32.SystemFunction036(00045bc8,00000010) ret=7fe363ea5e90
0013:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045c90) ret=7fe363ea8141
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0013:Call ntdll.RtlReleaseResource(00045bd8) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474cc83
0013:Call rpcrt4.NdrPointerFree(006af620,00000000,7fe3647587ec) ret=7fe36474a76b
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a76b
0013:Call rpcrt4.NdrPointerFree(006af620,00000000,7fe364758cd0) ret=7fe36474a781
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a781
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=00045c90 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=00045d50 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(0000007c,000000e0,00000000,00000000,006af750,00045d50,00000030,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045d50) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045c90) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe363ea70d9
0014:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045d10) ret=7fe363ea70d9
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0014:Ret  ntdll.RtlAllocateHeap() retval=00048a30 ret=7f8c5eb85f4b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048a40,00000008,00000000,00000000) ret=7f8c5eb8e777
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00043ec0) ret=7fe363e9966b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363e996a1
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0014:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb86011
0014:Ret  ntdll.RtlAllocateHeap() retval=00047850 ret=7f8c5eb86011
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047850,00000018,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00048c00 ret=7f8c5eb970b4
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb861df
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb861df
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047850) ret=7f8c5eb86199
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048a30) ret=7f8c5eb87336
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb87336
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047910) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f8c5ec94384
0014:Call rpcrt4.NdrClientContextUnmarshall(0034f3f0,0034f7e0,00048ab0) ret=7f8c5ec943cb
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f8c5eb59958
0014:Ret  ntdll.RtlAllocateHeap() retval=00047850 ret=7f8c5eb59958
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f8c5eb7e4e8
0014:Ret  ntdll.RtlAllocateHeap() retval=00048c40 ret=7f8c5eb7e4e8
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f8c5eb7bafb
0014:Ret  ntdll.RtlAllocateHeap() retval=00047910 ret=7f8c5eb7bafb
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f8c5eb7bafb
0014:Ret  ntdll.RtlAllocateHeap() retval=00048a30 ret=7f8c5eb7bafb
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f8c5eb7bafb
0014:Ret  ntdll.RtlAllocateHeap() retval=00048cd0 ret=7f8c5eb7bafb
0014:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f8c5ec943cb
0014:Call rpcrt4.NdrFreeBuffer(0034f3f0) ret=7f8c5ec90b51
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048c00) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f8c5ec90b51
0014:Call rpcrt4.RpcBindingFree(0034f190) ret=7f8c5ec88083
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048bc0) ret=7f8c5eb7eefd
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7eefd
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048b80) ret=7f8c5eb7ef15
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef15
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048b40) ret=7f8c5eb7ef2d
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef2d
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7ef45
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef45
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7ef5d
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef5d
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048ab0) ret=7f8c5eb7ef90
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef90
0014:Ret  rpcrt4.RpcBindingFree() retval=00000000 ret=7f8c5ec88083
0014:Ret  advapi32.OpenSCManagerW() retval=00047850 ret=7f8c5ebffef1
0014:Call advapi32.OpenServiceW(00047850,000477e8 L"MountMgr",00008001) ret=7f8c5ebfff39
0014:Call rpcrt4.NdrClientInitializeNew(0034f2c0,0034f400,7f8c5ecbcd00,00000010) ret=7f8c5ec945d7
0014:Ret  rpcrt4.NdrClientInitializeNew() retval=7f8c5ec87c2f ret=7f8c5ec945d7
0014:Call rpcrt4.NDRCContextBinding(00047850) ret=7f8c5ec945e8
0014:Ret  rpcrt4.NDRCContextBinding() retval=00048c40 ret=7f8c5ec945e8
0014:Call rpcrt4.NdrConformantStringBufferSize(0034f400,000477e8,7f8c5eca6d22) ret=7f8c5ec9460d
0014:Ret  rpcrt4.NdrConformantStringBufferSize() retval=0000003e ret=7f8c5ec9460d
0014:Call rpcrt4.NdrGetBuffer(0034f400,0000003e,00048c40) ret=7f8c5ec94624
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003e) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00048ab0 ret=7f8c5eb970b4
0014:Ret  rpcrt4.NdrGetBuffer() retval=00048ab0 ret=7f8c5ec94624
0014:Call rpcrt4.NdrClientContextMarshall(0034f400,00047850,00000000) ret=7f8c5ec94632
0014:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f8c5ec94632
0014:Call rpcrt4.NdrConformantStringMarshall(0034f400,000477e8,7f8c5eca6d22) ret=7f8c5ec94644
0014:Ret  rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7f8c5ec94644
0014:Call rpcrt4.NdrSendReceive(0034f400,00048ae8) ret=7f8c5ec946aa
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f8c5eb86f33
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b00 ret=7f8c5eb86f33
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7f8c5eb84cd7
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b40 ret=7f8c5eb84cd7
0014:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034ed80,00048b40,00000050,00000000,00000000) ret=7f8c5eb8e5f6
0014:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048b40) ret=7f8c5eb84d3f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048b00) ret=7f8c5eb86fef
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86fef
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034ee00,7374756f00000010,00000000,00000000) ret=7f8c5eb8e777
0011:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0011:Call KERNEL32.CloseHandle(000000e0) ret=7fe363e9e6ff
0014:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0011:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0014:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=00045c90 ret=7fe363e95f4b
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045ca0,00000008,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00044300,00000038,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=00043ec0 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0011:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363e992d1
0011:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045340,00000010) ret=7fe363e9931b
0011:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0011:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe363e99242
0012:Call rpcrt4.NdrServerInitializeNew(00045680,0059f620,7fe36475ed20) ret=7fe36474fce2
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474fce2
0012:Call rpcrt4.NdrServerContextNewUnmarshall(0059f620,7fe3647587fc) ret=7fe36474fdcb
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
0012:Call ntdll.RtlAcquireResourceExclusive(00045bd8,00000001) ret=7fe363e8b140
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=00044460 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00045ba0 ret=7fe36474fdcb
0012:Call rpcrt4.NdrConformantStringUnmarshall(0059f620,0059f7c0,7fe364758802,00000000) ret=7fe36474fdec
0012:Ret  rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7fe36474fdec
0012:Call rpcrt4.NdrContextHandleInitialize(0059f620,7fe364758804) ret=7fe36474fe54
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0012:Ret  ntdll.RtlAllocateHeap() retval=00045d10 ret=7fe363e8afef
0012:Call ntdll.RtlInitializeResource(00045d48) ret=7fe363e8b007
0012:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0012:Call ntdll.RtlAcquireResourceExclusive(00045d48,00000001) ret=7fe363e8b01e
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=00045e00 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrContextHandleInitialize() retval=00045d10 ret=7fe36474fe54
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe36473debd
0012:Ret  ntdll.RtlAllocateHeap() retval=00045e40 ret=7fe36473debd
0012:Call ntdll.RtlMapGenericMask(00045e44,7fe364757830) ret=7fe36473defb
0012:Ret  ntdll.RtlMapGenericMask() retval=00008001 ret=7fe36473defb
0012:Call rpcrt4.I_RpcGetBuffer(00045680) ret=7fe36474fea7
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=00045e80 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474fea7
0012:Call rpcrt4.NdrServerContextNewMarshall(0059f620,00045d10,7fe36474416c,7fe364758804) ret=7fe36474fede
0012:Call advapi32.SystemFunction036(00045d38,00000010) ret=7fe363ea5e90
0012:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045e00) ret=7fe363ea8141
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0012:Call ntdll.RtlReleaseResource(00045d48) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474fede
0012:Call rpcrt4.NdrPointerFree(0059f620,00043ee0,7fe364758800) ret=7fe36474ff62
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474ff62
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00044460) ret=7fe363ea81aa
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0012:Call ntdll.RtlReleaseResource(00045bd8) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=00045e00 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=00044460 ret=7fe363e94cd7
0012:Call ntdll.NtWriteFile(0000007c,000000e8,00000000,00000000,0059f750,00044460,00000030,00000000,00000000) ret=7fe363e9e5f6
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00044460) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045e00) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00043ec0) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045e80) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045c90) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045680) ret=7fe363e9966b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0014:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b40 ret=7f8c5eb85f4b
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048b50,00000008,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb86011
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b00 ret=7f8c5eb86011
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048b00,00000018,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b80 ret=7f8c5eb970b4
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb861df
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb861df
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048b00) ret=7f8c5eb86199
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048b40) ret=7f8c5eb87336
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb87336
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048ab0) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f8c5ec946aa
0014:Call rpcrt4.NdrClientContextUnmarshall(0034f400,0034f7e0,00048c40) ret=7f8c5ec946f0
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f8c5eb59958
0014:Ret  ntdll.RtlAllocateHeap() retval=00048bc0 ret=7f8c5eb59958
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f8c5eb7e4e8
0014:Ret  ntdll.RtlAllocateHeap() retval=00048ab0 ret=7f8c5eb7e4e8
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f8c5eb7bafb
0014:Ret  ntdll.RtlAllocateHeap() retval=00048d10 ret=7f8c5eb7bafb
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f8c5eb7bafb
0014:Ret  ntdll.RtlAllocateHeap() retval=00048d50 ret=7f8c5eb7bafb
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f8c5eb7bafb
0014:Ret  ntdll.RtlAllocateHeap() retval=00048d90 ret=7f8c5eb7bafb
0014:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f8c5ec946f0
0014:Call rpcrt4.NdrFreeBuffer(0034f400) ret=7f8c5ec94753
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048b80) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f8c5ec94753
0014:Ret  advapi32.OpenServiceW() retval=00048bc0 ret=7f8c5ebfff39
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047780) ret=7f8c5ebfff53
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebfff53
0014:Call advapi32.CloseServiceHandle(00047850) ret=7f8c5ebfff5b
0014:Call rpcrt4.NdrClientInitializeNew(0034f310,0034f450,7f8c5ecbcd00,00000000) ret=7f8c5ec9104f
0014:Ret  rpcrt4.NdrClientInitializeNew() retval=7f8c5ec87c2f ret=7f8c5ec9104f
0014:Call rpcrt4.NDRCContextBinding(00047850) ret=7f8c5ec91060
0014:Ret  rpcrt4.NDRCContextBinding() retval=00048c40 ret=7f8c5ec91060
0014:Call rpcrt4.NdrGetBuffer(0034f450,00000018,00048c40) ret=7f8c5ec9108a
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b80 ret=7f8c5eb970b4
0014:Ret  rpcrt4.NdrGetBuffer() retval=00048b80 ret=7f8c5ec9108a
0014:Call rpcrt4.NdrClientContextMarshall(0034f450,00047850,00000001) ret=7f8c5ec9109b
0014:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f8c5ec9109b
0014:Call rpcrt4.NdrSendReceive(0034f450,00048b94) ret=7f8c5ec910ab
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f8c5eb86f33
0014:Ret  ntdll.RtlAllocateHeap() retval=00047780 ret=7f8c5eb86f33
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,0000002c) ret=7f8c5eb84cd7
0014:Ret  ntdll.RtlAllocateHeap() retval=00048dd0 ret=7f8c5eb84cd7
0014:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034edd0,00048dd0,0000002c,00000000,00000000) ret=7f8c5eb8e5f6
0014:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048dd0) ret=7f8c5eb84d3f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047780) ret=7f8c5eb86fef
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86fef
0011:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034ee50,7374756f00000010,00000000,00000000) ret=7f8c5eb8e777
0011:Call KERNEL32.CloseHandle(000000e8) ret=7fe363e9e6ff
0014:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0014:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
0011:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=00045e00 ret=7fe363e95f4b
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045e10,00000008,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000014) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00045c90 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045c90,00000014,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000014) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=00045b60 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00045c90) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0011:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe363e992d1
0011:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045600,00000010) ret=7fe363e9931b
0011:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0011:Ret  ntdll.RtlAllocateHeap() retval=00043ec0 ret=7fe363e99242
0013:Call rpcrt4.NdrServerInitializeNew(00044300,006af640,7fe36475ed20) ret=7fe364746be9
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe364746be9
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0013:Call rpcrt4.NdrServerContextNewUnmarshall(006af640,7fe3647586c4) ret=7fe364746cb2
0013:Call ntdll.RtlAcquireResourceExclusive(00045bd8,00000001) ret=7fe363e8b140
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=00044460 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00045ba0 ret=7fe364746cb2
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045cd0) ret=7fe36473ea85
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36473ea85
0013:Call rpcrt4.I_RpcGetBuffer(00044300) ret=7fe364746d15
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=00045cd0 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe364746d15
0013:Call rpcrt4.NdrServerContextNewMarshall(006af640,00045ba0,7fe36474416c,7fe3647586c4) ret=7fe364746d51
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00044460) ret=7fe363ea8141
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0013:Call ntdll.RtlReleaseResource(00045bd8) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Call ntdll.RtlDeleteResource(00045bd8) ret=7fe363e8a075
0013:Ret  ntdll.RtlDeleteResource() retval=00000000 ret=7fe363e8a075
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045ba0) ret=7fe363e8a08c
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e8a08c
0013:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000000 ret=7fe364746d51
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=00044460 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=00045680 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(0000007c,000000d8,00000000,00000000,006af750,00045680,00000030,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045680) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00044460) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045b60) ret=7fe363ea70d9
0014:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045cd0) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0014:Ret  ntdll.RtlAllocateHeap() retval=00048dd0 ret=7f8c5eb85f4b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045e00) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048de0,00000008,00000000,00000000) ret=7f8c5eb8e777
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe363e9966b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe363e996a1
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0014:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb86011
0014:Ret  ntdll.RtlAllocateHeap() retval=00047780 ret=7f8c5eb86011
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047780,00000018,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00048e10 ret=7f8c5eb970b4
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb861df
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb861df
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047780) ret=7f8c5eb86199
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048dd0) ret=7f8c5eb87336
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb87336
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048b80) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f8c5ec910ab
0014:Call rpcrt4.NdrClientContextUnmarshall(0034f450,0034f6e8,00048c40) ret=7f8c5ec910f5
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047850) ret=7f8c5eb59937
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb59937
0014:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f8c5ec910f5
0014:Call rpcrt4.NdrFreeBuffer(0034f450) ret=7f8c5ec91158
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048cd0) ret=7f8c5eb7eefd
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7eefd
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048a30) ret=7f8c5eb7ef15
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef15
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047910) ret=7f8c5eb7ef2d
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef2d
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7ef45
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef45
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb7ef5d
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef5d
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048c40) ret=7f8c5eb7ef90
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb7ef90
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048e10) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f8c5ec91158
0014:Ret  advapi32.CloseServiceHandle() retval=00000001 ret=7f8c5ebfff5b
0014:Call advapi32.QueryServiceConfigW(00048bc0,00000000,00000000,0034f960) ret=7f8c5ebfff7e
0014:Call rpcrt4.NdrClientInitializeNew(0034f290,0034f3d0,7f8c5ecbcd00,00000011) ret=7f8c5ec94916
0014:Ret  rpcrt4.NdrClientInitializeNew() retval=7f8c5ec87c2f ret=7f8c5ec94916
0014:Call rpcrt4.NDRCContextBinding(00048bc0) ret=7f8c5ec94927
0014:Ret  rpcrt4.NDRCContextBinding() retval=00048ab0 ret=7f8c5ec94927
0014:Call rpcrt4.NdrGetBuffer(0034f3d0,00000020,00048ab0) ret=7f8c5ec9494a
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b80 ret=7f8c5eb970b4
0014:Ret  rpcrt4.NdrGetBuffer() retval=00048b80 ret=7f8c5ec9494a
0014:Call rpcrt4.NdrClientContextMarshall(0034f3d0,00048bc0,00000000) ret=7f8c5ec94958
0014:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f8c5ec94958
0014:Call rpcrt4.NdrSendReceive(0034f3d0,00048b98) ret=7f8c5ec949bd
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f8c5eb86f33
0014:Ret  ntdll.RtlAllocateHeap() retval=00047910 ret=7f8c5eb86f33
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7f8c5eb84cd7
0014:Ret  ntdll.RtlAllocateHeap() retval=00047850 ret=7f8c5eb84cd7
0014:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034ed40,00047850,00000030,00000000,00000000) ret=7f8c5eb8e5f6
0014:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047850) ret=7f8c5eb84d3f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047910) ret=7f8c5eb86fef
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86fef
0011:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034edc0,7374756f00000010,00000000,00000000) ret=7f8c5eb8e777
0011:Call KERNEL32.CloseHandle(000000d8) ret=7fe363e9e6ff
0011:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=00045cd0 ret=7fe363e95f4b
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045ce0,00000008,00000000,00000000) ret=7fe363e9e777
0014:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0014:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00045e00 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045e00,00000018,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00045e00) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0011:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe363e992d1
0011:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045600,00000010) ret=7fe363e9931b
0011:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0011:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe363e99242
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0012:Call rpcrt4.NdrServerInitializeNew(00043ec0,0059f5f0,7fe36475ed20) ret=7fe36475182c
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36475182c
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
0012:Call rpcrt4.NdrServerContextNewUnmarshall(0059f5f0,7fe36475880c) ret=7fe36475190d
0012:Call ntdll.RtlAcquireResourceExclusive(00045d48,00000001) ret=7fe363e8b140
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=00045680 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00045d10 ret=7fe36475190d
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000052) ret=7fe364746667
0012:Ret  ntdll.RtlAllocateHeap() retval=00045b60 ret=7fe364746667
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe364746667
0012:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe364746667
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001c) ret=7fe364746667
0012:Ret  ntdll.RtlAllocateHeap() retval=00045bd0 ret=7fe364746667
0012:Call rpcrt4.NdrComplexStructBufferSize(0059f5f0,0059f790,7fe364758824) ret=7fe364751a02
0012:Ret  rpcrt4.NdrComplexStructBufferSize() retval=000000e0 ret=7fe364751a02
0012:Call rpcrt4.I_RpcGetBuffer(00043ec0) ret=7fe364751a19
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,000000e0) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=00045e80 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe364751a19
0012:Call rpcrt4.NdrComplexStructMarshall(0059f5f0,0059f790,7fe364758824) ret=7fe364751a49
0012:Ret  rpcrt4.NdrComplexStructMarshall() retval=00000000 ret=7fe364751a49
0012:Call rpcrt4.NdrPointerFree(0059f5f0,0059f790,7fe36475884c) ret=7fe364751b25
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045b60) ret=7fe36474424d
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe36474424d
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045bd0) ret=7fe36474424d
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe364751b25
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045680) ret=7fe363ea81aa
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0012:Call ntdll.RtlReleaseResource(00045d48) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=00045680 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,000000f0) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=00045b60 ret=7fe363e94cd7
0012:Call ntdll.NtWriteFile(0000007c,000000d8,00000000,00000000,0059f750,00045b60,000000f0,00000000,00000000) ret=7fe363e9e5f6
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045b60) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045680) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045e80) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0014:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045cd0) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00043ec0) ret=7fe363e9966b
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0014:Ret  ntdll.RtlAllocateHeap() retval=00048a30 ret=7f8c5eb85f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048a40,00000008,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,000000d8) ret=7f8c5eb86011
0014:Ret  ntdll.RtlAllocateHeap() retval=00048dd0 ret=7f8c5eb86011
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048dd0,000000d8,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,000000d8) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00048ec0 ret=7f8c5eb970b4
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb861df
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb861df
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048dd0) ret=7f8c5eb86199
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048a30) ret=7f8c5eb87336
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb87336
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048b80) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f8c5ec949bd
0014:Call rpcrt4.NdrComplexStructUnmarshall(0034f3d0,0034f288,7f8c5eca6d44,00000000) ret=7f8c5ec94a00
0014:Ret  rpcrt4.NdrComplexStructUnmarshall() retval=00000000 ret=7f8c5ec94a00
0014:Call rpcrt4.NdrFreeBuffer(0034f3d0) ret=7f8c5ec94a86
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048ec0) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f8c5ec94a86
0014:Ret  advapi32.QueryServiceConfigW() retval=00000000 ret=7f8c5ebfff7e
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,000000ca) ret=7f8c5ebfffa8
0014:Ret  ntdll.RtlAllocateHeap() retval=00048dd0 ret=7f8c5ebfffa8
0014:Call advapi32.QueryServiceConfigW(00048bc0,00048dd0,000000ca,0034f960) ret=7f8c5ebfffc9
0014:Call rpcrt4.NdrClientInitializeNew(0034f290,0034f3d0,7f8c5ecbcd00,00000011) ret=7f8c5ec94916
0014:Ret  rpcrt4.NdrClientInitializeNew() retval=7f8c5ec87c2f ret=7f8c5ec94916
0014:Call rpcrt4.NDRCContextBinding(00048bc0) ret=7f8c5ec94927
0014:Ret  rpcrt4.NDRCContextBinding() retval=00048ab0 ret=7f8c5ec94927
0014:Call rpcrt4.NdrGetBuffer(0034f3d0,00000020,00048ab0) ret=7f8c5ec9494a
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b80 ret=7f8c5eb970b4
0014:Ret  rpcrt4.NdrGetBuffer() retval=00048b80 ret=7f8c5ec9494a
0014:Call rpcrt4.NdrClientContextMarshall(0034f3d0,00048bc0,00000000) ret=7f8c5ec94958
0014:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f8c5ec94958
0014:Call rpcrt4.NdrSendReceive(0034f3d0,00048b98) ret=7f8c5ec949bd
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f8c5eb86f33
0014:Ret  ntdll.RtlAllocateHeap() retval=00047910 ret=7f8c5eb86f33
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7f8c5eb84cd7
0014:Ret  ntdll.RtlAllocateHeap() retval=00047850 ret=7f8c5eb84cd7
0014:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034ed40,00047850,00000030,00000000,00000000) ret=7f8c5eb8e5f6
0014:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047850) ret=7f8c5eb84d3f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047910) ret=7f8c5eb86fef
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86fef
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034edc0,7374756f00000010,00000000,00000000) ret=7f8c5eb8e777
0011:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0011:Call KERNEL32.CloseHandle(000000d8) ret=7fe363e9e6ff
0014:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0014:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
0011:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363e95f4b
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045350,00000008,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045600,00000018,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=00045e00 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0011:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe363e992d1
0011:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045600,00000010) ret=7fe363e9931b
0011:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0011:Ret  ntdll.RtlAllocateHeap() retval=00044460 ret=7fe363e99242
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
0013:Call rpcrt4.NdrServerInitializeNew(00044300,006af5f0,7fe36475ed20) ret=7fe36475182c
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36475182c
0013:Call rpcrt4.NdrServerContextNewUnmarshall(006af5f0,7fe36475880c) ret=7fe36475190d
0013:Call ntdll.RtlAcquireResourceExclusive(00045d48,00000001) ret=7fe363e8b140
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00045d10 ret=7fe36475190d
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000052) ret=7fe364746667
0013:Ret  ntdll.RtlAllocateHeap() retval=00045b60 ret=7fe364746667
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe364746667
0013:Ret  ntdll.RtlAllocateHeap() retval=00045bd0 ret=7fe364746667
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001c) ret=7fe364746667
0013:Ret  ntdll.RtlAllocateHeap() retval=00045c10 ret=7fe364746667
0013:Call rpcrt4.NdrComplexStructBufferSize(006af5f0,006af790,7fe364758824) ret=7fe364751a02
0013:Ret  rpcrt4.NdrComplexStructBufferSize() retval=000000e0 ret=7fe364751a02
0013:Call rpcrt4.I_RpcGetBuffer(00044300) ret=7fe364751a19
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,000000e0) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=00045e80 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe364751a19
0013:Call rpcrt4.NdrComplexStructMarshall(006af5f0,006af790,7fe364758824) ret=7fe364751a49
0013:Ret  rpcrt4.NdrComplexStructMarshall() retval=00000000 ret=7fe364751a49
0013:Call rpcrt4.NdrPointerFree(006af5f0,006af790,7fe36475884c) ret=7fe364751b25
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045b60) ret=7fe36474424d
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045bd0) ret=7fe36474424d
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045c10) ret=7fe36474424d
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe364751b25
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363ea81aa
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0013:Call ntdll.RtlReleaseResource(00045d48) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,000000f0) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=00045b60 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(0000007c,000000d8,00000000,00000000,006af750,00045b60,000000f0,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045b60) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045e00) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045e80) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe363e9966b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe363e996a1
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0014:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
0014:Ret  ntdll.RtlAllocateHeap() retval=00048a30 ret=7f8c5eb85f4b
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048a40,00000008,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,000000d8) ret=7f8c5eb86011
0014:Ret  ntdll.RtlAllocateHeap() retval=00048eb0 ret=7f8c5eb86011
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048eb0,000000d8,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,000000d8) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00048fa0 ret=7f8c5eb970b4
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb861df
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb861df
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048eb0) ret=7f8c5eb86199
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048a30) ret=7f8c5eb87336
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb87336
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048b80) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f8c5ec949bd
0014:Call rpcrt4.NdrComplexStructUnmarshall(0034f3d0,0034f288,7f8c5eca6d44,00000000) ret=7f8c5ec94a00
0014:Ret  rpcrt4.NdrComplexStructUnmarshall() retval=00000000 ret=7f8c5ec94a00
0014:Call rpcrt4.NdrFreeBuffer(0034f3d0) ret=7f8c5ec94a86
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048fa0) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f8c5ec94a86
0014:Ret  advapi32.QueryServiceConfigW() retval=00000001 ret=7f8c5ebfffc9
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048dd0) ret=7f8c5ec0003a
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ec0003a
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000022) ret=7f8c5ebf3b69
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b80 ret=7f8c5ebf3b69
0014:Call ntdll.RtlInitUnicodeString(0034f950,00048b80 L"\\Driver\\MountMgr") ret=7f8c5ebf3c65
0014:Ret  ntdll.RtlInitUnicodeString() retval=00000020 ret=7f8c5ebf3c65
0014:Call advapi32.SetServiceStatus(00048bc0,0034f960) ret=7f8c5ec001e3
0014:Call rpcrt4.NdrClientInitializeNew(0034f300,0034f440,7f8c5ecbcd00,00000007) ret=7f8c5ec92468
0014:Ret  rpcrt4.NdrClientInitializeNew() retval=7f8c5ec87c2f ret=7f8c5ec92468
0014:Call rpcrt4.NDRCContextBinding(00048bc0) ret=7f8c5ec92479
0014:Ret  rpcrt4.NDRCContextBinding() retval=00048ab0 ret=7f8c5ec92479
0014:Call rpcrt4.NdrGetBuffer(0034f440,00000038,00048ab0) ret=7f8c5ec9249c
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00047850 ret=7f8c5eb970b4
0014:Ret  rpcrt4.NdrGetBuffer() retval=00047850 ret=7f8c5ec9249c
0014:Call rpcrt4.NdrClientContextMarshall(0034f440,00048bc0,00000000) ret=7f8c5ec924aa
0014:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f8c5ec924aa
0014:Call rpcrt4.NdrSimpleStructMarshall(0034f440,0034f960,7f8c5eca6c44) ret=7f8c5ec924bc
0014:Ret  rpcrt4.NdrSimpleStructMarshall() retval=00000000 ret=7f8c5ec924bc
0014:Call rpcrt4.NdrSendReceive(0034f440,00047880) ret=7f8c5ec924cc
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f8c5eb86f33
0014:Ret  ntdll.RtlAllocateHeap() retval=00047910 ret=7f8c5eb86f33
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7f8c5eb84cd7
0014:Ret  ntdll.RtlAllocateHeap() retval=00048a30 ret=7f8c5eb84cd7
0014:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034edc0,00048a30,00000048,00000000,00000000) ret=7f8c5eb8e5f6
0014:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0011:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048a30) ret=7f8c5eb84d3f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0011:Call KERNEL32.CloseHandle(000000d8) ret=7fe363e9e6ff
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047910) ret=7f8c5eb86fef
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86fef
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034ee40,7374756f00000010,00000000,00000000) ret=7f8c5eb8e777
0011:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=00045e00 ret=7fe363e95f4b
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045e10,00000008,00000000,00000000) ret=7fe363e9e777
0014:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0014:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045340,00000030,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0011:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363e992d1
0011:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045340,00000010) ret=7fe363e9931b
0011:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0011:Ret  ntdll.RtlAllocateHeap() retval=00043ec0 ret=7fe363e99242
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
0012:Call rpcrt4.NdrServerInitializeNew(00044460,0059f630,7fe36475ed20) ret=7fe36474c404
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474c404
0012:Call rpcrt4.NdrServerContextNewUnmarshall(0059f630,7fe364758720) ret=7fe36474c4e1
0012:Call ntdll.RtlAcquireResourceExclusive(00045d48,00000001) ret=7fe363e8b140
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00045d10 ret=7fe36474c4e1
0012:Call rpcrt4.NdrSimpleStructUnmarshall(0059f630,0059f7d0,7fe364758724,00000000) ret=7fe36474c502
0012:Ret  rpcrt4.NdrSimpleStructUnmarshall() retval=00000000 ret=7fe36474c502
0012:Call KERNEL32.SetEvent(00000048) ret=7fe36473fc9e
0012:Ret  KERNEL32.SetEvent() retval=00000001 ret=7fe36473fc9e
0012:Call rpcrt4.I_RpcGetBuffer(00044460) ret=7fe36474c56d
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000008) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=00045b60 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474c56d
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363ea81aa
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0012:Call ntdll.RtlReleaseResource(00045d48) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,0000001c) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=00045ba0 ret=7fe363e94cd7
0012:Call ntdll.NtWriteFile(0000007c,000000d8,00000000,00000000,0059f750,00045ba0,0000001c,00000000,00000000) ret=7fe363e9e5f6
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045ba0) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0014:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045b60) ret=7fe363ea70d9
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0014:Ret  ntdll.RtlAllocateHeap() retval=00048a30 ret=7f8c5eb85f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045e00) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048a40,00000008,00000000,00000000) ret=7f8c5eb8e777
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00044460) ret=7fe363e9966b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0014:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7f8c5eb86011
0014:Ret  ntdll.RtlAllocateHeap() retval=00047910 ret=7f8c5eb86011
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047910,00000004,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=00047780 ret=7f8c5eb970b4
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb861df
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb861df
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047910) ret=7f8c5eb86199
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048a30) ret=7f8c5eb87336
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb87336
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047850) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f8c5ec924cc
0014:Call rpcrt4.NdrFreeBuffer(0034f440) ret=7f8c5ec92565
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047780) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f8c5ec92565
0014:Ret  advapi32.SetServiceStatus() retval=00000001 ret=7f8c5ec001e3
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,000001b0) ret=7f8c5ebf4a67
0014:Ret  ntdll.RtlAllocateHeap() retval=00048dd0 ret=7f8c5ebf4a67
0014:Call ntdll.RtlDuplicateUnicodeString(00000001,0034f950,00048e18) ret=7f8c5ebf5c2e
0014:Ret  ntdll.RtlDuplicateUnicodeString() retval=00000000 ret=7f8c5ebf5c2e
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000007a) ret=7f8c5ebf5f2d
0014:Ret  ntdll.RtlAllocateHeap() retval=00047780 ret=7f8c5ebf5f2d
0014:Call ntdll.RtlInitUnicodeString(00048f48,00047780 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\MountMgr") ret=7f8c5ebf5f8e
0014:Ret  ntdll.RtlInitUnicodeString() retval=00000078 ret=7f8c5ebf5f8e
0014:Call advapi32.RegOpenKeyW(ffffffff80000002,000477a4 L"System\\CurrentControlSet\\Services\\MountMgr",0034f488) ret=7f8c5ebf420e
0014:Ret  advapi32.RegOpenKeyW() retval=00000000 ret=7f8c5ebf420e
0014:Call advapi32.RegQueryValueExW(00000048,7f8c5ec0c620 L"ImagePath",00000000,0034f480,00000000,0034f484) ret=7f8c5ebf42bb
0014:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7f8c5ebf42bb
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000052) ret=7f8c5ebf42d8
0014:Ret  ntdll.RtlAllocateHeap() retval=00048a30 ret=7f8c5ebf42d8
0014:Call advapi32.RegQueryValueExW(00000048,7f8c5ec0c620 L"ImagePath",00000000,0034f480,00048a30,0034f484) ret=7f8c5ebf42fc
0014:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7f8c5ebf42fc
0014:Call KERNEL32.ExpandEnvironmentStringsW(00048a30 L"C:\\windows\\system32\\drivers\\mountmgr.sys",00000000,00000000) ret=7f8c5ebf4513
0014:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000029 ret=7f8c5ebf4513
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000052) ret=7f8c5ebf4531
0014:Ret  ntdll.RtlAllocateHeap() retval=00047850 ret=7f8c5ebf4531
0014:Call KERNEL32.ExpandEnvironmentStringsW(00048a30 L"C:\\windows\\system32\\drivers\\mountmgr.sys",00047850,00000029) ret=7f8c5ebf4544
0014:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000029 ret=7f8c5ebf4544
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048a30) ret=7f8c5ebf455b
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebf455b
0014:Call advapi32.RegCloseKey(00000048) ret=7f8c5ebf44a3
0014:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f8c5ebf44a3
0014:Call KERNEL32.LoadLibraryW(00047850 L"C:\\windows\\system32\\drivers\\mountmgr.sys") ret=7f8c5ebf3e68
0014:Ret  KERNEL32.LoadLibraryW() retval=7f8c5eb20000 ret=7f8c5ebf3e68
0014:Call ntdll.RtlImageNtHeader(7f8c5eb20000) ret=7f8c5ebf3e7d
0014:Ret  ntdll.RtlImageNtHeader() retval=7f8c5eb20040 ret=7f8c5ebf3e7d
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00047850) ret=7f8c5ebf44ce
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebf44ce
0014:Call ntdll.LdrLockLoaderLock(00000000,00000000,0034f700) ret=7f8c5ebf4758
0014:Ret  ntdll.LdrLockLoaderLock() retval=00000000 ret=7f8c5ebf4758
0014:Call ntdll.LdrFindEntryForAddress(7f8c5eb20000,0034f6f8) ret=7f8c5ebf4765
0014:Ret  ntdll.LdrFindEntryForAddress() retval=00000000 ret=7f8c5ebf4765
0014:Call ntdll.LdrUnlockLoaderLock(00000000,00000014) ret=7f8c5ebf478b
0014:Ret  ntdll.LdrUnlockLoaderLock() retval=00000000 ret=7f8c5ebf478b
0014:Call ntdll.RtlImageNtHeader(7f8c5eb20000) ret=7f8c5ebf479c
0014:Ret  ntdll.RtlImageNtHeader() retval=7f8c5eb20040 ret=7f8c5ebf479c
0014:Call driver init 0x7f8c5eb2c41f (obj=0x48de0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\MountMgr")
0014:Call ntoskrnl.exe.RtlInitUnicodeString(0034f4c0,7f8c5eb2dca0 L"\\Device\\MountPointManager") ret=7f8c5eb2c142
0014:Call ntdll.RtlInitUnicodeString(0034f4c0,7f8c5eb2dca0 L"\\Device\\MountPointManager") ret=7bca105f
0014:Ret  ntdll.RtlInitUnicodeString() retval=00000032 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000032 ret=7f8c5eb2c142
0014:Call ntoskrnl.exe.RtlInitUnicodeString(0034f4d0,7f8c5eb2dc60 L"\\??\\MountPointManager") ret=7f8c5eb2c156
0014:Call ntdll.RtlInitUnicodeString(0034f4d0,7f8c5eb2dc60 L"\\??\\MountPointManager") ret=7bca105f
0014:Ret  ntdll.RtlInitUnicodeString() retval=0000002a ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0000002a ret=7f8c5eb2c156
0014:Call ntoskrnl.exe.IoCreateDevice(00048de0,00000000,0034f4c0,00000000,3000000000,7f8c00000000,0034f4b8) ret=7f8c5eb2c180
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000158) ret=7f8c5ebf4a67
0014:Ret  ntdll.RtlAllocateHeap() retval=000491c0 ret=7f8c5ebf4a67
0014:Ret  ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7f8c5eb2c180
0014:Call ntoskrnl.exe.IoCreateSymbolicLink(0034f4d0,0034f4c0) ret=7f8c5eb2c226
0014:Call ntdll.NtCreateSymbolicLinkObject(0034f2d8,000f0001,0034f2e0,0034f4c0) ret=7f8c5ebf752c
0014:Ret  ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7f8c5ebf752c
0014:Ret  ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7f8c5eb2c226
0014:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f8c5eb2dc20 L"System\\MountedDevices",00000000,00000000,3000000001,7f8c000f003f,00000000,7f8c5eb31a60,00000000) ret=7f8c5eb2c278
0014:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f8c5eb2c278
0014:Call ntoskrnl.exe.RtlInitUnicodeString(0034f4c0,7f8c5eb2dbe0 L"\\Driver\\Harddisk") ret=7f8c5eb2c287
0014:Call ntdll.RtlInitUnicodeString(0034f4c0,7f8c5eb2dbe0 L"\\Driver\\Harddisk") ret=7bca105f
0014:Ret  ntdll.RtlInitUnicodeString() retval=00000020 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000020 ret=7f8c5eb2c287
0014:Call ntoskrnl.exe.IoCreateDriver(0034f4c0,7f8c5eb2aacd) ret=7f8c5eb2c296
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,000001b0) ret=7f8c5ebf4a67
0014:Ret  ntdll.RtlAllocateHeap() retval=00049330 ret=7f8c5ebf4a67
0014:Call ntdll.RtlDuplicateUnicodeString(00000001,0034f4c0,00049378) ret=7f8c5ebf5c2e
0014:Ret  ntdll.RtlDuplicateUnicodeString() retval=00000000 ret=7f8c5ebf5c2e
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000007a) ret=7f8c5ebf5f2d
0014:Ret  ntdll.RtlAllocateHeap() retval=00048f90 ret=7f8c5ebf5f2d
0014:Call ntdll.RtlInitUnicodeString(000494a8,00048f90 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Harddisk") ret=7f8c5ebf5f8e
0014:Ret  ntdll.RtlInitUnicodeString() retval=00000078 ret=7f8c5ebf5f8e
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000038) ret=7f8c5eb284dc
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00047850 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00047850 ret=7f8c5eb284dc
0014:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0034f0a0,00000000,00000000,00000000,0034f098) ret=7f8c5eb28545
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0014:Ret  ntdll.RtlAllocateHeap() retval=000494f0 ret=7f8c5ebf4a67
0014:Ret  ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7f8c5eb28545
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,0000003a) ret=7f8c5eb28678
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003a) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049020 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049020 ret=7f8c5eb28678
0014:Call ntoskrnl.exe.IoCreateSymbolicLink(0034f0b0,0034f0a0) ret=7f8c5eb286cd
0014:Call ntdll.NtCreateSymbolicLinkObject(0034eea8,000f0001,0034eeb0,0034f0a0) ret=7f8c5ebf752c
0014:Ret  ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7f8c5ebf752c
0014:Ret  ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7f8c5eb286cd
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000033) ret=7f8c5eb28b2e
0014:Ret  ntdll.RtlAllocateHeap() retval=000496b0 ret=7f8c5eb28b2e
0014:Call advapi32.RegOpenKeyW(ffffffff80000002,7f8c5eb2d820 L"Software\\Wine\\Drives",0034f180) ret=7f8c5eb2aba6
0014:Ret  advapi32.RegOpenKeyW() retval=00000002 ret=7f8c5eb2aba6
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049700 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049700 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049700) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049700) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049700 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049700 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049700) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049700) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049700 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049700 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049790 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049790 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049790) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049790) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000028) ret=7f8c5eb29fd7
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049790 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049790 ret=7f8c5eb29fd7
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,00000040) ret=7f8c5eb29f0d
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000040) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=000497d0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=000497d0 ret=7f8c5eb29f0d
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000044) ret=7f8c5eb284dc
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000044) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049820 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049820 ret=7f8c5eb284dc
0014:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0034eff0,00000000,00000000,00000000,0034efe8) ret=7f8c5eb28545
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0014:Ret  ntdll.RtlAllocateHeap() retval=00049880 ret=7f8c5ebf4a67
0014:Ret  ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7f8c5eb28545
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb28a85
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb28a85
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb28aa2
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb28aa2
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,0000000b) ret=7f8c5eb2841a
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000b) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049a40 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049a40 ret=7f8c5eb2841a
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,000000da) ret=7f8c5eb2afd9
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,000000da) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049a80 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049a80 ret=7f8c5eb2afd9
0014:Call ntoskrnl.exe.RtlInitUnicodeString(00049aa8,00049ac8 L"\\??\\Volume{00000000-0000-0000-0000-000000000043}") ret=7f8c5eb2b00d
0014:Call ntdll.RtlInitUnicodeString(00049aa8,00049ac8 L"\\??\\Volume{00000000-0000-0000-0000-000000000043}") ret=7bca105f
0014:Ret  ntdll.RtlInitUnicodeString() retval=00000060 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000060 ret=7f8c5eb2b00d
0014:Call ntoskrnl.exe.IoCreateSymbolicLink(00049aa8,000499e8) ret=7f8c5eb2b0cd
0014:Call ntdll.NtCreateSymbolicLinkObject(0034ed58,000f0001,0034ed60,000499e8) ret=7f8c5ebf752c
0014:Ret  ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7f8c5ebf752c
0014:Ret  ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7f8c5eb2b0cd
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000096) ret=7f8c5eb2afd9
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000096) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049b70 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049b70 ret=7f8c5eb2afd9
0014:Call ntoskrnl.exe.RtlInitUnicodeString(00049b98,00049bb8 L"\\DosDevices\\C:") ret=7f8c5eb2b00d
0014:Call ntdll.RtlInitUnicodeString(00049b98,00049bb8 L"\\DosDevices\\C:") ret=7bca105f
0014:Ret  ntdll.RtlInitUnicodeString() retval=0000001c ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0000001c ret=7f8c5eb2b00d
0014:Call ntoskrnl.exe.IoCreateSymbolicLink(00049b98,000499e8) ret=7f8c5eb2b0cd
0014:Call ntdll.NtCreateSymbolicLinkObject(0034ee48,000f0001,0034ee50,000499e8) ret=7f8c5ebf752c
0014:Ret  ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7f8c5ebf752c
0014:Ret  ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7f8c5eb2b0cd
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb2be32
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2be32
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,0000000b) ret=7f8c5eb2be5a
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,0000000b) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049c20 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049c20 ret=7f8c5eb2be5a
0014:Call advapi32.RegSetValueExW(00000050,00049ac8 L"\\??\\Volume{00000000-0000-0000-0000-000000000043}",00000000,00000003,00049c20,0000000b) ret=7f8c5eb2beaa
0014:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f8c5eb2beaa
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb2be32
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2be32
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,0000000b) ret=7f8c5eb2be5a
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,0000000b) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049c60 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049c60 ret=7f8c5eb2be5a
0014:Call advapi32.RegSetValueExW(00000050,00049bb8 L"\\DosDevices\\C:",00000000,00000003,0034f05a,0000000e) ret=7f8c5eb2beaa
0014:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f8c5eb2beaa
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049ca0) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049ca0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049ca0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049ca0 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000080) ret=7f8c5eb29615
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000080) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049d30 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049d30 ret=7f8c5eb29615
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049d30) ret=7f8c5eb2964f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049d30) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2964f
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000028) ret=7f8c5eb29fd7
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049d30 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049d30 ret=7f8c5eb29fd7
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,00000040) ret=7f8c5eb29f0d
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000040) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049d70 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049d70 ret=7f8c5eb29f0d
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000044) ret=7f8c5eb284dc
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000044) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049dc0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049dc0 ret=7f8c5eb284dc
0014:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0034eff0,00000000,00000000,00000000,0034efe8) ret=7f8c5eb28545
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0014:Ret  ntdll.RtlAllocateHeap() retval=00049e20 ret=7f8c5ebf4a67
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00049e20) ret=7f8c5ebf71af
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebf71af
0014:Ret  ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7f8c5eb28545
0014:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0034eff0,00000000,00000000,00000000,0034efe8) ret=7f8c5eb28545
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0014:Ret  ntdll.RtlAllocateHeap() retval=00049e20 ret=7f8c5ebf4a67
0014:Ret  ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7f8c5eb28545
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb28a85
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb28a85
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb28aa2
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb28aa2
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000002) ret=7f8c5eb2841a
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000002) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=00049fe0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049fe0 ret=7f8c5eb2841a
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,000000da) ret=7f8c5eb2afd9
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,000000da) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a020 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004a020 ret=7f8c5eb2afd9
0014:Call ntoskrnl.exe.RtlInitUnicodeString(0004a048,0004a068 L"\\??\\Volume{00000000-0000-0000-0000-00000000005a}") ret=7f8c5eb2b00d
0014:Call ntdll.RtlInitUnicodeString(0004a048,0004a068 L"\\??\\Volume{00000000-0000-0000-0000-00000000005a}") ret=7bca105f
0014:Ret  ntdll.RtlInitUnicodeString() retval=00000060 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000060 ret=7f8c5eb2b00d
0014:Call ntoskrnl.exe.IoCreateSymbolicLink(0004a048,00049f88) ret=7f8c5eb2b0cd
0014:Call ntdll.NtCreateSymbolicLinkObject(0034ed58,000f0001,0034ed60,00049f88) ret=7f8c5ebf752c
0014:Ret  ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7f8c5ebf752c
0014:Ret  ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7f8c5eb2b0cd
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000096) ret=7f8c5eb2afd9
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000096) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a110 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004a110 ret=7f8c5eb2afd9
0014:Call ntoskrnl.exe.RtlInitUnicodeString(0004a138,0004a158 L"\\DosDevices\\Z:") ret=7f8c5eb2b00d
0014:Call ntdll.RtlInitUnicodeString(0004a138,0004a158 L"\\DosDevices\\Z:") ret=7bca105f
0014:Ret  ntdll.RtlInitUnicodeString() retval=0000001c ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0000001c ret=7f8c5eb2b00d
0014:Call ntoskrnl.exe.IoCreateSymbolicLink(0004a138,00049f88) ret=7f8c5eb2b0cd
0014:Call ntdll.NtCreateSymbolicLinkObject(0034ee48,000f0001,0034ee50,00049f88) ret=7f8c5ebf752c
0014:Ret  ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7f8c5ebf752c
0014:Ret  ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7f8c5eb2b0cd
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb2be32
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2be32
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,00000004) ret=7f8c5eb2be5a
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000004) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a1c0 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004a1c0 ret=7f8c5eb2be5a
0014:Call advapi32.RegSetValueExW(00000050,0004a068 L"\\??\\Volume{00000000-0000-0000-0000-00000000005a}",00000000,00000003,0004a1c0,00000004) ret=7f8c5eb2beaa
0014:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f8c5eb2beaa
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb2be32
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2be32
0014:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,00000004) ret=7f8c5eb2be5a
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000004) ret=7bca105f
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a200 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004a200 ret=7f8c5eb2be5a
0014:Call advapi32.RegSetValueExW(00000050,0004a158 L"\\DosDevices\\Z:",00000000,00000003,0034f05a,0000000e) ret=7f8c5eb2beaa
0014:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f8c5eb2beaa
0014:Call advapi32.RegCloseKey(00000000) ret=7f8c5eb2ad1d
0014:Ret  advapi32.RegCloseKey() retval=00000006 ret=7f8c5eb2ad1d
0014:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,000496b0) ret=7f8c5eb2ad36
0014:Call ntdll.RtlFreeHeap(00030000,00000000,000496b0) ret=7bca105f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2ad36
0014:Ret  ntoskrnl.exe.IoCreateDriver() retval=00000000 ret=7f8c5eb2c296
0014:Call KERNEL32.CreateThread(00000000,00000000,7f8c5eb27675,00000000,00000000,00000000) ret=7f8c5eb281cd
0014:Ret  KERNEL32.CreateThread() retval=00000074 ret=7f8c5eb281cd
0014:Call KERNEL32.CloseHandle(00000074) ret=7f8c5eb281da
0014:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7f8c5eb281da
0014:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f8c5eb2dba0 L"Software\\Wow6432Node\\Wine\\Ports",00000000,00000000,3000000002,7f8c00000002,00000000,0034f4b0,00000000) ret=7f8c5eb2c2e8
0014:Ret  advapi32.RegCreateKeyExW() retval=000000b7 ret=7f8c5eb2c2e8
0014:Call advapi32.RegSetValueExW(00000000,7f8c5eb2db60 L"SymbolicLinkValue",00000000,00000006,7f8c5eb2db00,7f8c0000004a) ret=7f8c5eb2c316
0014:Ret  advapi32.RegSetValueExW() retval=00000006 ret=7f8c5eb2c316
0014:Call advapi32.RegCloseKey(00000000) ret=7f8c5eb2c320
0014:Ret  advapi32.RegCloseKey() retval=00000006 ret=7f8c5eb2c320
0014:Call ntoskrnl.exe.RtlInitUnicodeString(0034f4c0,7f8c5eb2dad0 L"\\Driver\\Serial") ret=7f8c5eb2c32f
0014:Call ntdll.RtlInitUnicodeString(0034f4c0,7f8c5eb2dad0 L"\\Driver\\Serial") ret=7bca105f
0014:Ret  ntdll.RtlInitUnicodeString() retval=0000001c ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0000001c ret=7f8c5eb2c32f
0014:Call ntoskrnl.exe.IoCreateDriver(0034f4c0,7f8c5eb2ae1f) ret=7f8c5eb2c33e
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,000001b0) ret=7f8c5ebf4a67
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a240 ret=7f8c5ebf4a67
0014:Call ntdll.RtlDuplicateUnicodeString(00000001,0034f4c0,0004a288) ret=7f8c5ebf5c2e
0014:Ret  ntdll.RtlDuplicateUnicodeString() retval=00000000 ret=7f8c5ebf5c2e
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000076) ret=7f8c5ebf5f2d
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a400 ret=7f8c5ebf5f2d
0014:Call ntdll.RtlInitUnicodeString(0004a3b8,0004a400 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Serial") ret=7f8c5ebf5f8e
0014:Ret  ntdll.RtlInitUnicodeString() retval=00000074 ret=7f8c5ebf5f8e
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000033) ret=7f8c5eb28b2e
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a490 ret=7f8c5eb28b2e
0014:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f8c5eb2d7e0 L"Software\\Wine\\Ports",00000000,00000000,00000000,00000001,00000000,0034f0b0,00000000) ret=7f8c5eb29aea
0014:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f8c5eb29aea
0014:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f8c5eb2d540 L"HARDWARE\\DEVICEMAP\\SERIALCOMM",00000000,00000000,00000001,000f003f,00000000,0034f0b8,00000000) ret=7f8c5eb29b2b
0014:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f8c5eb29b2b
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM1",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM2",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0016:Call PE DLL (proc=0x7f8c5eb99e5b,module=0x7f8c5eb40000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM3",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM4",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0016:Ret  PE DLL (proc=0x7f8c5eb99e5b,module=0x7f8c5eb40000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM5",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0016:Starting thread proc 0x7f8c5eb27675 (arg=(nil))
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM6",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM7",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM8",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM9",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM10",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM11",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM12",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM13",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM14",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM15",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM16",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM17",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM18",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM19",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM20",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM21",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM22",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM23",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM24",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM25",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM26",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM27",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM28",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM29",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM30",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM31",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM32",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"COM33",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegCloseKey(00000074) ret=7f8c5eb29c3f
0014:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f8c5eb29c3f
0014:Call advapi32.RegCloseKey(00000078) ret=7f8c5eb29c49
0014:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f8c5eb29c49
0014:Call ntdll.RtlFreeHeap(00030000,00000000,0004a490) ret=7f8c5eb29c60
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb29c60
0014:Call ntdll.RtlCompareUnicodeString(0004a288,00049378,00000000) ret=7f8c5ebf3ab5
0014:Ret  ntdll.RtlCompareUnicodeString() retval=0000000b ret=7f8c5ebf3ab5
0014:Ret  ntoskrnl.exe.IoCreateDriver() retval=00000000 ret=7f8c5eb2c33e
0014:Call ntoskrnl.exe.RtlInitUnicodeString(0034f4c0,7f8c5eb2daa0 L"\\Driver\\Parallel") ret=7f8c5eb2c34d
0014:Call ntdll.RtlInitUnicodeString(0034f4c0,7f8c5eb2daa0 L"\\Driver\\Parallel") ret=7bca105f
0014:Ret  ntdll.RtlInitUnicodeString() retval=00000020 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000020 ret=7f8c5eb2c34d
0014:Call ntoskrnl.exe.IoCreateDriver(0034f4c0,7f8c5eb2aebb) ret=7f8c5eb2c35c
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,000001b0) ret=7f8c5ebf4a67
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a490 ret=7f8c5ebf4a67
0014:Call ntdll.RtlDuplicateUnicodeString(00000001,0034f4c0,0004a4d8) ret=7f8c5ebf5c2e
0014:Ret  ntdll.RtlDuplicateUnicodeString() retval=00000000 ret=7f8c5ebf5c2e
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,0000007a) ret=7f8c5ebf5f2d
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a690 ret=7f8c5ebf5f2d
0014:Call ntdll.RtlInitUnicodeString(0004a608,0004a690 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Parallel") ret=7f8c5ebf5f8e
0014:Ret  ntdll.RtlInitUnicodeString() retval=00000078 ret=7f8c5ebf5f8e
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000033) ret=7f8c5eb28b2e
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a720 ret=7f8c5eb28b2e
0014:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f8c5eb2d7e0 L"Software\\Wine\\Ports",00000000,00000000,00000000,00000001,00000000,0034f0b0,00000000) ret=7f8c5eb29aea
0014:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f8c5eb29aea
0014:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f8c5eb2d4e0 L"HARDWARE\\DEVICEMAP\\PARALLEL PORTS",00000000,00000000,00000001,000f003f,00000000,0034f0b8,00000000) ret=7f8c5eb29b2b
0014:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f8c5eb29b2b
0014:Call advapi32.RegQueryValueExW(00000074,0034ec62 L"LPT1",00000000,0034ec20,0034ecf0,0034ec24) ret=7f8c5eb29745
0014:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f8c5eb29745
0014:Call advapi32.RegCloseKey(00000074) ret=7f8c5eb29c3f
0014:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f8c5eb29c3f
0014:Call advapi32.RegCloseKey(00000078) ret=7f8c5eb29c49
0014:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f8c5eb29c49
0014:Call ntdll.RtlFreeHeap(00030000,00000000,0004a720) ret=7f8c5eb29c60
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb29c60
0014:Call ntdll.RtlCompareUnicodeString(0004a4d8,00049378,00000000) ret=7f8c5ebf3ab5
0014:Ret  ntdll.RtlCompareUnicodeString() retval=00000008 ret=7f8c5ebf3ab5
0014:Call ntdll.RtlCompareUnicodeString(0004a4d8,0004a288,00000000) ret=7f8c5ebf3ab5
0014:Ret  ntdll.RtlCompareUnicodeString() retval=fffffffd ret=7f8c5ebf3ab5
0014:Ret  ntoskrnl.exe.IoCreateDriver() retval=00000000 ret=7f8c5eb2c35c
0014:Ret  driver init 0x7f8c5eb2c41f (obj=0x48de0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\MountMgr") retval=00000000
0014:Call ntdll.RtlCompareUnicodeString(00048e18,0004a4d8,00000000) ret=7f8c5ebf3ab5
0014:Ret  ntdll.RtlCompareUnicodeString() retval=fffffffd ret=7f8c5ebf3ab5
0014:Call ntdll.RtlCompareUnicodeString(00048e18,00049378,00000000) ret=7f8c5ebf3ab5
0014:Ret  ntdll.RtlCompareUnicodeString() retval=00000005 ret=7f8c5ebf3ab5
0014:Call ntdll.RtlCompareUnicodeString(0034f950,0004a4d8,00000000) ret=7f8c5ebf3ab5
0014:Ret  ntdll.RtlCompareUnicodeString() retval=fffffffd ret=7f8c5ebf3ab5
0014:Call ntdll.RtlCompareUnicodeString(0034f950,00049378,00000000) ret=7f8c5ebf3ab5
0014:Ret  ntdll.RtlCompareUnicodeString() retval=00000005 ret=7f8c5ebf3ab5
0014:Call ntdll.RtlCompareUnicodeString(0034f950,00048e18,00000000) ret=7f8c5ebf3ab5
0014:Ret  ntdll.RtlCompareUnicodeString() retval=00000000 ret=7f8c5ebf3ab5
0014:Call ntdll.RtlFreeUnicodeString(0034f950) ret=7f8c5ec00239
0014:Ret  ntdll.RtlFreeUnicodeString() retval=00000001 ret=7f8c5ec00239
0014:Call advapi32.SetServiceStatus(00048bc0,0034f960) ret=7f8c5ec0034a
0014:Call rpcrt4.NdrClientInitializeNew(0034f300,0034f440,7f8c5ecbcd00,00000007) ret=7f8c5ec92468
0014:Ret  rpcrt4.NdrClientInitializeNew() retval=7f8c5ec87c2f ret=7f8c5ec92468
0014:Call rpcrt4.NDRCContextBinding(00048bc0) ret=7f8c5ec92479
0014:Ret  rpcrt4.NDRCContextBinding() retval=00048ab0 ret=7f8c5ec92479
0014:Call rpcrt4.NdrGetBuffer(0034f440,00000038,00048ab0) ret=7f8c5ec9249c
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a720 ret=7f8c5eb970b4
0014:Ret  rpcrt4.NdrGetBuffer() retval=0004a720 ret=7f8c5ec9249c
0014:Call rpcrt4.NdrClientContextMarshall(0034f440,00048bc0,00000000) ret=7f8c5ec924aa
0014:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f8c5ec924aa
0014:Call rpcrt4.NdrSimpleStructMarshall(0034f440,0034f960,7f8c5eca6c44) ret=7f8c5ec924bc
0014:Ret  rpcrt4.NdrSimpleStructMarshall() retval=00000000 ret=7f8c5ec924bc
0014:Call rpcrt4.NdrSendReceive(0034f440,0004a750) ret=7f8c5ec924cc
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f8c5eb86f33
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b80 ret=7f8c5eb86f33
0014:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7f8c5eb84cd7
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a770 ret=7f8c5eb84cd7
0014:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034edc0,0004a770,00000048,00000000,00000000) ret=7f8c5eb8e5f6
0014:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f8c5eb8e5f6
0014:Call ntdll.RtlFreeHeap(00030000,00000000,0004a770) ret=7f8c5eb84d3f
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb84d3f
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048b80) ret=7f8c5eb86fef
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86fef
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034ee40,7374756f00000010,00000000,00000000) ret=7f8c5eb8e777
0011:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0014:Ret  ntdll.NtReadFile() retval=00000103 ret=7f8c5eb8e777
0014:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f8c5eb8e79c
0011:Call KERNEL32.CloseHandle(000000d8) ret=7fe363e9e6ff
0011:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0011:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe363e95f4b
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045610,00000008,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363e96011
0011:Ret  ntdll.RtlAllocateHeap() retval=00045e00 ret=7fe363e96011
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,00045e00,00000030,00000000,00000000) ret=7fe363e9e777
0011:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363ea70b4
0011:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363ea70b4
0011:Call ntdll.RtlFreeHeap(00030000,00000000,00045e00) ret=7fe363e96199
0011:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0011:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0011:Ret  ntdll.RtlAllocateHeap() retval=00045e00 ret=7fe363e992d1
0011:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045e00,00000010) ret=7fe363e9931b
0011:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0011:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0011:Ret  ntdll.RtlAllocateHeap() retval=00044460 ret=7fe363e99242
0013:Call rpcrt4.NdrServerInitializeNew(00043ec0,006af630,7fe36475ed20) ret=7fe36474c404
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474c404
0013:Call rpcrt4.NdrServerContextNewUnmarshall(006af630,7fe364758720) ret=7fe36474c4e1
0011:Call ntdll.NtReadFile(0000007c,000000b0,00000000,00000000,00044288,0047fb80,ffffffff00000010,00000000,00000000) ret=7fe363e9e777
0013:Call ntdll.RtlAcquireResourceExclusive(00045d48,00000001) ret=7fe363e8b140
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00045d10 ret=7fe36474c4e1
0013:Call rpcrt4.NdrSimpleStructUnmarshall(006af630,006af7d0,7fe364758724,00000000) ret=7fe36474c502
0013:Ret  rpcrt4.NdrSimpleStructUnmarshall() retval=00000000 ret=7fe36474c502
0011:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0013:Call KERNEL32.SetEvent(00000048) ret=7fe36473fc9e
0011:Call KERNEL32.WaitForSingleObject(000000b0,ffffffff) ret=7fe363e9e79c
0013:Ret  KERNEL32.SetEvent() retval=00000001 ret=7fe36473fc9e
0013:Call rpcrt4.I_RpcGetBuffer(00043ec0) ret=7fe36474c56d
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000008) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=00045b60 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474c56d
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363ea81aa
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0013:Call ntdll.RtlReleaseResource(00045d48) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,0000001c) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=00045ba0 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(0000007c,000000d8,00000000,00000000,006af750,00045ba0,0000001c,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045ba0) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045340) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045b60) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00043ec0) ret=7fe363e9966b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045e00) ret=7fe363e996a1
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0014:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f8c5eb8e79c
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f8c5eb85f4b
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a770 ret=7f8c5eb85f4b
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0004a780,00000008,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=80000005 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7f8c5eb86011
0014:Ret  ntdll.RtlAllocateHeap() retval=00048b80 ret=7f8c5eb86011
0014:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048b80,00000004,00000000,00000000) ret=7f8c5eb8e777
0014:Ret  ntdll.NtReadFile() retval=00000000 ret=7f8c5eb8e777
0014:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7f8c5eb970b4
0014:Ret  ntdll.RtlAllocateHeap() retval=0004a7b0 ret=7f8c5eb970b4
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb861df
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb861df
0014:Call ntdll.RtlFreeHeap(00030000,00000000,00048b80) ret=7f8c5eb86199
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb86199
0014:Call ntdll.RtlFreeHeap(00030000,00000000,0004a770) ret=7f8c5eb87336
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb87336
0014:Call ntdll.RtlFreeHeap(00030000,00000000,0004a720) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f8c5ec924cc
0014:Call rpcrt4.NdrFreeBuffer(0034f440) ret=7f8c5ec92565
0014:Call ntdll.RtlFreeHeap(00030000,00000000,0004a7b0) ret=7f8c5eb970d9
0014:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5eb970d9
0014:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f8c5ec92565
0014:Ret  advapi32.SetServiceStatus() retval=00000001 ret=7f8c5ec0034a
0014:Ret  ntoskrnl.exe.ZwLoadDriver() retval=00000000 ret=7f8c60b2cfa5
0014:Call ntoskrnl.exe.RtlNtStatusToDosError(00000000) ret=7f8c60b2cfac
0014:Call ntdll.RtlNtStatusToDosError(00000000) ret=7bca105f
0014:Ret  ntdll.RtlNtStatusToDosError() retval=00000000 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlNtStatusToDosError() retval=00000000 ret=7f8c60b2cfac
0014:Call ntoskrnl.exe.RtlFreeUnicodeString(0034fb20) ret=7f8c60b2cf94
0014:Call ntdll.RtlFreeUnicodeString(0034fb20) ret=7bca105f
0014:Ret  ntdll.RtlFreeUnicodeString() retval=00000001 ret=7bca105f
0014:Ret  ntoskrnl.exe.RtlFreeUnicodeString() retval=00000001 ret=7f8c60b2cf94
000d:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe364740a04
000d:Call KERNEL32.GetOverlappedResult(000000a4,0024fa40,0024fa3c,00000000) ret=7fe364740990
000d:Ret  KERNEL32.GetOverlappedResult() retval=00000001 ret=7fe364740990
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe364740823
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364740823
000d:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe364746401
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364746401
000d:Call KERNEL32.WaitForMultipleObjects(00000002,0024fb10,00000000,00002710) ret=7fe3647464eb
000d:Ret  KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7fe3647464eb
000d:Call KERNEL32.ReleaseMutex(0000009c) ret=7fe364746453
000d:Ret  KERNEL32.ReleaseMutex() retval=00000001 ret=7fe364746453
000d:Call KERNEL32.ExpandEnvironmentStringsW(00035fa0 L"C:\\windows\\system32\\plugplay.exe",00000000,00000000) ret=7fe3647455d3
000d:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000021 ret=7fe3647455d3
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000042) ret=7fe3647455f0
000d:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe3647455f0
000d:Call KERNEL32.ExpandEnvironmentStringsW(00035fa0 L"C:\\windows\\system32\\plugplay.exe",000456c0,00000021) ret=7fe36474560b
000d:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000021 ret=7fe36474560b
000d:Call advapi32.RegQueryValueExW(00000030,00000000,00000000,0024f7f0,0024f7d0,0024f7c8) ret=7fe364745678
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364745678
000d:Call advapi32.RegSetValueExW(00000030,00000000,00000000,00000004,7fe3647602d0,00000004) ret=7fe3647456b5
000d:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7fe3647456b5
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7fe3647456f4
000d:Ret  ntdll.RtlAllocateHeap() retval=00043ec0 ret=7fe3647456f4
000d:Call KERNEL32.CreateMutexW(00000000,00000001,00000000) ret=7fe364745716
000d:Ret  KERNEL32.CreateMutexW() retval=000000dc ret=7fe364745716
000d:Call KERNEL32.CreateNamedPipeW(7fe364760280 L"\\\\.\\pipe\\net\\NtControlPipe1",40000003,00000000,00000001,7fe300000100,00000100,00002710,00000000) ret=7fe36474577d
000d:Ret  KERNEL32.CreateNamedPipeW() retval=000000ec ret=7fe36474577d
000d:Call KERNEL32.ResetEvent(00000050) ret=7fe3647457e5
000d:Ret  KERNEL32.ResetEvent() retval=00000001 ret=7fe3647457e5
000d:Call KERNEL32.CreateProcessW(00000000,000456c0 L"C:\\windows\\system32\\plugplay.exe",00000000,00000000,7fe300000000,00000400,00370000,00000000,0024f7f0,0024f7d0) ret=7fe364745879
0018:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError"
0018:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32"
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,00000040) ret=7f8c5eb29f0d
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,00000040) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=000315b0 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=000315b0 ret=7f8c5eb29f0d
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000044) ret=7f8c5eb284dc
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,00000044) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004a720 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004a720 ret=7f8c5eb284dc
0016:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0058f600,00000000,00000000,00000000,0058f5f8) ret=7f8c5eb28545
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0016:Ret  ntdll.RtlAllocateHeap() retval=0004a780 ret=7f8c5ebf4a67
0016:Call ntdll.RtlFreeHeap(00030000,00000000,0004a780) ret=7f8c5ebf71af
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebf71af
0016:Ret  ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7f8c5eb28545
0016:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0058f600,00000000,00000000,00000000,0058f5f8) ret=7f8c5eb28545
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0016:Ret  ntdll.RtlAllocateHeap() retval=0004a780 ret=7f8c5ebf4a67
0016:Call ntdll.RtlFreeHeap(00030000,00000000,0004a780) ret=7f8c5ebf71af
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebf71af
0016:Ret  ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7f8c5eb28545
0016:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0058f600,00000000,00000000,00000000,0058f5f8) ret=7f8c5eb28545
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0016:Ret  ntdll.RtlAllocateHeap() retval=0004a780 ret=7f8c5ebf4a67
0016:Ret  ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7f8c5eb28545
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,0000002c) ret=7f8c5eb2841a
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=00047810 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00047810 ret=7f8c5eb2841a
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb28a85
0016:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb28a85
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb28aa2
0016:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb28aa2
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,0000000a) ret=7f8c5eb2841a
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000a) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004a940 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004a940 ret=7f8c5eb2841a
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,0000000a) ret=7f8c5eb2841a
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000a) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004a980 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004a980 ret=7f8c5eb2841a
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,000000da) ret=7f8c5eb2afd9
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,000000da) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004a9c0 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004a9c0 ret=7f8c5eb2afd9
0016:Call ntoskrnl.exe.RtlInitUnicodeString(0004a9e8,0004aa08 L"\\??\\Volume{00000000-7e7b-f6fd-0000-000000000000}") ret=7f8c5eb2b00d
0016:Call ntdll.RtlInitUnicodeString(0004a9e8,0004aa08 L"\\??\\Volume{00000000-7e7b-f6fd-0000-000000000000}") ret=7bca105f
0016:Ret  ntdll.RtlInitUnicodeString() retval=00000060 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000060 ret=7f8c5eb2b00d
0016:Call ntoskrnl.exe.IoCreateSymbolicLink(0004a9e8,0004a8e8) ret=7f8c5eb2b0cd
0016:Call ntdll.NtCreateSymbolicLinkObject(0058f308,000f0001,0058f310,0004a8e8) ret=7f8c5ebf752c
0016:Ret  ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7f8c5ebf752c
0016:Ret  ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7f8c5eb2b0cd
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb2be32
0016:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2be32
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,0000000a) ret=7f8c5eb2be5a
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,0000000a) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004aab0 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004aab0 ret=7f8c5eb2be5a
0016:Call advapi32.RegSetValueExW(00000050,0004aa08 L"\\??\\Volume{00000000-7e7b-f6fd-0000-000000000000}",00000000,00000003,0004aab0,7f8c0000000a) ret=7f8c5eb2beaa
0016:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f8c5eb2beaa
0016:Call KERNEL32.MultiByteToWideChar(0000fdf2,00000000,7f8c5401555c "329ab398-fb0a-414c-8d43-2432464ca5f0",00000024,0058f6c2,7f8c00000024) ret=7f8c5eb26717
0016:Ret  KERNEL32.MultiByteToWideChar() retval=00000024 ret=7f8c5eb26717
0016:Call ntoskrnl.exe.RtlInitUnicodeString(0058f6b0,0058f6c0 L"{329ab398-fb0a-414c-8d43-2432464ca5f0}") ret=7f8c5eb2674a
0016:Call ntdll.RtlInitUnicodeString(0058f6b0,0058f6c0 L"{329ab398-fb0a-414c-8d43-2432464ca5f0}") ret=7bca105f
0016:Ret  ntdll.RtlInitUnicodeString() retval=0000004c ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0000004c ret=7f8c5eb2674a
0016:Call ntoskrnl.exe.RtlGUIDFromString(0058f6b0,0058fb50) ret=7f8c5eb26755
0016:Call ntdll.RtlGUIDFromString(0058f6b0,0058fb50) ret=7bca105f
0016:Ret  ntdll.RtlGUIDFromString() retval=00000000 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlGUIDFromString() retval=00000000 ret=7f8c5eb26755
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,00000040) ret=7f8c5eb29f0d
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,00000040) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004aaf0 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004aaf0 ret=7f8c5eb29f0d
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000044) ret=7f8c5eb284dc
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,00000044) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004ab40 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004ab40 ret=7f8c5eb284dc
0016:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0058f600,00000000,00000000,00000000,0058f5f8) ret=7f8c5eb28545
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0016:Ret  ntdll.RtlAllocateHeap() retval=0004aba0 ret=7f8c5ebf4a67
0016:Call ntdll.RtlFreeHeap(00030000,00000000,0004aba0) ret=7f8c5ebf71af
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebf71af
0016:Ret  ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7f8c5eb28545
0016:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0058f600,00000000,00000000,00000000,0058f5f8) ret=7f8c5eb28545
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0016:Ret  ntdll.RtlAllocateHeap() retval=0004aba0 ret=7f8c5ebf4a67
0016:Call ntdll.RtlFreeHeap(00030000,00000000,0004aba0) ret=7f8c5ebf71af
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebf71af
0016:Ret  ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7f8c5eb28545
0016:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0058f600,00000000,00000000,00000000,0058f5f8) ret=7f8c5eb28545
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0016:Ret  ntdll.RtlAllocateHeap() retval=0004aba0 ret=7f8c5ebf4a67
0016:Call ntdll.RtlFreeHeap(00030000,00000000,0004aba0) ret=7f8c5ebf71af
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebf71af
0016:Ret  ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7f8c5eb28545
0016:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0058f600,00000000,00000000,00000000,0058f5f8) ret=7f8c5eb28545
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0016:Ret  ntdll.RtlAllocateHeap() retval=0004aba0 ret=7f8c5ebf4a67
0016:Ret  ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7f8c5eb28545
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,0000002c) ret=7f8c5eb2841a
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004ad60 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004ad60 ret=7f8c5eb2841a
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb28a85
0016:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb28a85
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb28aa2
0016:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb28aa2
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,0000000a) ret=7f8c5eb2841a
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000a) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004ada0 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004ada0 ret=7f8c5eb2841a
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000006) ret=7f8c5eb2841a
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,00000006) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004ade0 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004ade0 ret=7f8c5eb2841a
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,000000da) ret=7f8c5eb2afd9
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,000000da) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004ae20 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004ae20 ret=7f8c5eb2afd9
0016:Call ntoskrnl.exe.RtlInitUnicodeString(0004ae48,0004ae68 L"\\??\\Volume{329ab398-fb0a-414c-8d43-2432464ca5f0}") ret=7f8c5eb2b00d
0016:Call ntdll.RtlInitUnicodeString(0004ae48,0004ae68 L"\\??\\Volume{329ab398-fb0a-414c-8d43-2432464ca5f0}") ret=7bca105f
0016:Ret  ntdll.RtlInitUnicodeString() retval=00000060 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000060 ret=7f8c5eb2b00d
0016:Call ntoskrnl.exe.IoCreateSymbolicLink(0004ae48,0004ad08) ret=7f8c5eb2b0cd
0016:Call ntdll.NtCreateSymbolicLinkObject(0058f308,000f0001,0058f310,0004ad08) ret=7f8c5ebf752c
0016:Ret  ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7f8c5ebf752c
0016:Ret  ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7f8c5eb2b0cd
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb2be32
0016:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2be32
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,00000006) ret=7f8c5eb2be5a
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,00000006) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004af10 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004af10 ret=7f8c5eb2be5a
0016:Call advapi32.RegSetValueExW(00000050,0004ae68 L"\\??\\Volume{329ab398-fb0a-414c-8d43-2432464ca5f0}",00000000,00000003,0004af10,7f8c00000006) ret=7f8c5eb2beaa
0016:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f8c5eb2beaa
0016:Call KERNEL32.MultiByteToWideChar(0000fdf2,00000000,7f8c54015d44 "e5914f34-9571-4cb1-a36d-03f6fc4b3028",00000024,0058f6c2,7f8c00000024) ret=7f8c5eb26717
0016:Ret  KERNEL32.MultiByteToWideChar() retval=00000024 ret=7f8c5eb26717
0016:Call ntoskrnl.exe.RtlInitUnicodeString(0058f6b0,0058f6c0 L"{e5914f34-9571-4cb1-a36d-03f6fc4b3028}") ret=7f8c5eb2674a
0016:Call ntdll.RtlInitUnicodeString(0058f6b0,0058f6c0 L"{e5914f34-9571-4cb1-a36d-03f6fc4b3028}") ret=7bca105f
0016:Ret  ntdll.RtlInitUnicodeString() retval=0000004c ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0000004c ret=7f8c5eb2674a
0016:Call ntoskrnl.exe.RtlGUIDFromString(0058f6b0,0058fb50) ret=7f8c5eb26755
0016:Call ntdll.RtlGUIDFromString(0058f6b0,0058fb50) ret=7bca105f
0016:Ret  ntdll.RtlGUIDFromString() retval=00000000 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlGUIDFromString() retval=00000000 ret=7f8c5eb26755
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,00000040) ret=7f8c5eb29f0d
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,00000040) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004af50 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004af50 ret=7f8c5eb29f0d
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000044) ret=7f8c5eb284dc
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,00000044) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004afa0 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004afa0 ret=7f8c5eb284dc
0016:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0058f600,00000000,00000000,00000000,0058f5f8) ret=7f8c5eb28545
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0016:Ret  ntdll.RtlAllocateHeap() retval=0004b000 ret=7f8c5ebf4a67
0016:Call ntdll.RtlFreeHeap(00030000,00000000,0004b000) ret=7f8c5ebf71af
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebf71af
0016:Ret  ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7f8c5eb28545
0016:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0058f600,00000000,00000000,00000000,0058f5f8) ret=7f8c5eb28545
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0016:Ret  ntdll.RtlAllocateHeap() retval=0004b000 ret=7f8c5ebf4a67
0016:Call ntdll.RtlFreeHeap(00030000,00000000,0004b000) ret=7f8c5ebf71af
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebf71af
0016:Ret  ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7f8c5eb28545
0016:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0058f600,00000000,00000000,00000000,0058f5f8) ret=7f8c5eb28545
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0016:Ret  ntdll.RtlAllocateHeap() retval=0004b000 ret=7f8c5ebf4a67
0016:Call ntdll.RtlFreeHeap(00030000,00000000,0004b000) ret=7f8c5ebf71af
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebf71af
0016:Ret  ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7f8c5eb28545
0016:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0058f600,00000000,00000000,00000000,0058f5f8) ret=7f8c5eb28545
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0016:Ret  ntdll.RtlAllocateHeap() retval=0004b000 ret=7f8c5ebf4a67
0016:Call ntdll.RtlFreeHeap(00030000,00000000,0004b000) ret=7f8c5ebf71af
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f8c5ebf71af
0016:Ret  ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7f8c5eb28545
0016:Call ntoskrnl.exe.IoCreateDevice(00049340,00000050,0058f600,00000000,00000000,00000000,0058f5f8) ret=7f8c5eb28545
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,000001a8) ret=7f8c5ebf4a67
0016:Ret  ntdll.RtlAllocateHeap() retval=0004b000 ret=7f8c5ebf4a67
0016:Ret  ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7f8c5eb28545
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,0000002c) ret=7f8c5eb2841a
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004b1c0 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004b1c0 ret=7f8c5eb2841a
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb28a85
0016:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb28a85
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb28aa2
0016:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb28aa2
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,0000000a) ret=7f8c5eb2841a
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000a) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004b200 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004b200 ret=7f8c5eb2841a
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,0000000a) ret=7f8c5eb2841a
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000a) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004b240 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004b240 ret=7f8c5eb2841a
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,000000da) ret=7f8c5eb2afd9
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,000000da) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004b280 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004b280 ret=7f8c5eb2afd9
0016:Call ntoskrnl.exe.RtlInitUnicodeString(0004b2a8,0004b2c8 L"\\??\\Volume{e5914f34-9571-4cb1-a36d-03f6fc4b3028}") ret=7f8c5eb2b00d
0016:Call ntdll.RtlInitUnicodeString(0004b2a8,0004b2c8 L"\\??\\Volume{e5914f34-9571-4cb1-a36d-03f6fc4b3028}") ret=7bca105f
0016:Ret  ntdll.RtlInitUnicodeString() retval=00000060 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000060 ret=7f8c5eb2b00d
0016:Call ntoskrnl.exe.IoCreateSymbolicLink(0004b2a8,0004b168) ret=7f8c5eb2b0cd
0016:Call ntdll.NtCreateSymbolicLinkObject(0058f308,000f0001,0058f310,0004b168) ret=7f8c5ebf752c
0016:Ret  ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7f8c5ebf752c
0016:Ret  ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7f8c5eb2b0cd
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb2be32
0016:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2be32
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,0000000a) ret=7f8c5eb2be5a
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,0000000a) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004b370 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004b370 ret=7f8c5eb2be5a
0016:Call advapi32.RegSetValueExW(00000050,0004b2c8 L"\\??\\Volume{e5914f34-9571-4cb1-a36d-03f6fc4b3028}",00000000,00000003,0004b370,7f8c0000000a) ret=7f8c5eb2beaa
0016:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f8c5eb2beaa
0016:Call KERNEL32.MultiByteToWideChar(0000fdf2,00000000,7f8c54016504 "644d136b-6a76-48e7-8ec9-f4bad9065723",00000024,0058f6c2,7f8c00000024) ret=7f8c5eb26717
0016:Ret  KERNEL32.MultiByteToWideChar() retval=00000024 ret=7f8c5eb26717
0016:Call ntoskrnl.exe.RtlInitUnicodeString(0058f6b0,0058f6c0 L"{644d136b-6a76-48e7-8ec9-f4bad9065723}") ret=7f8c5eb2674a
0016:Call ntdll.RtlInitUnicodeString(0058f6b0,0058f6c0 L"{644d136b-6a76-48e7-8ec9-f4bad9065723}") ret=7bca105f
0016:Ret  ntdll.RtlInitUnicodeString() retval=0000004c ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0000004c ret=7f8c5eb2674a
0016:Call ntoskrnl.exe.RtlGUIDFromString(0058f6b0,0058fb50) ret=7f8c5eb26755
0016:Call ntdll.RtlGUIDFromString(0058f6b0,0058fb50) ret=7bca105f
0016:Ret  ntdll.RtlGUIDFromString() retval=00000000 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlGUIDFromString() retval=00000000 ret=7f8c5eb26755
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,0000002c) ret=7f8c5eb2841a
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004b3b0 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004b3b0 ret=7f8c5eb2841a
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb28a85
0016:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb28a85
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00049fe0) ret=7f8c5eb28aa2
0016:Call ntdll.RtlFreeHeap(00030000,00000000,00049fe0) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb28aa2
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,0000000a) ret=7f8c5eb2841a
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000a) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=00049fe0 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=00049fe0 ret=7f8c5eb2841a
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,00000002) ret=7f8c5eb2841a
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,00000002) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004b3f0 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004b3f0 ret=7f8c5eb2841a
0016:Call advapi32.RegDeleteValueW(00000050,0004a068 L"\\??\\Volume{00000000-0000-0000-0000-00000000005a}") ret=7f8c5eb2c05e
0016:Ret  advapi32.RegDeleteValueW() retval=00000000 ret=7f8c5eb2c05e
0016:Call ntoskrnl.exe.IoDeleteSymbolicLink(0004a048) ret=7f8c5eb2c067
0016:Call ntdll.NtOpenSymbolicLinkObject(0058f408,00000000,0058f410) ret=7f8c5ebf7649
0016:Ret  ntdll.NtOpenSymbolicLinkObject() retval=00000000 ret=7f8c5ebf7649
0016:Call ntdll.NtClose(00000090) ret=7f8c5ebf7730
0016:Ret  ntdll.NtClose() retval=00000000 ret=7f8c5ebf7730
0016:Ret  ntoskrnl.exe.IoDeleteSymbolicLink() retval=00000000 ret=7f8c5eb2c067
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,0004a1c0) ret=7f8c5eb2c07f
0016:Call ntdll.RtlFreeHeap(00030000,00000000,0004a1c0) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2c07f
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,0004a020) ret=7f8c5eb2c096
0016:Call ntdll.RtlFreeHeap(00030000,00000000,0004a020) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2c096
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000000,000000da) ret=7f8c5eb2afd9
0016:Call ntdll.RtlAllocateHeap(00030000,00000000,000000da) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004a020 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004a020 ret=7f8c5eb2afd9
0016:Call ntoskrnl.exe.RtlInitUnicodeString(0004a048,0004a068 L"\\??\\Volume{644d136b-6a76-48e7-8ec9-f4bad9065723}") ret=7f8c5eb2b00d
0016:Call ntdll.RtlInitUnicodeString(0004a048,0004a068 L"\\??\\Volume{644d136b-6a76-48e7-8ec9-f4bad9065723}") ret=7bca105f
0016:Ret  ntdll.RtlInitUnicodeString() retval=00000060 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000060 ret=7f8c5eb2b00d
0016:Call ntoskrnl.exe.IoCreateSymbolicLink(0004a048,00049f88) ret=7f8c5eb2b0cd
0016:Call ntdll.NtCreateSymbolicLinkObject(0058f308,000f0001,0058f310,00049f88) ret=7f8c5ebf752c
0016:Ret  ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7f8c5ebf752c
0016:Ret  ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7f8c5eb2b0cd
0016:Call ntoskrnl.exe.RtlFreeHeap(00030000,00000000,00000000) ret=7f8c5eb2be32
0016:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7bca105f
0016:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlFreeHeap() retval=00000001 ret=7f8c5eb2be32
0016:Call ntoskrnl.exe.RtlAllocateHeap(00030000,00000008,00000004) ret=7f8c5eb2be5a
0016:Call ntdll.RtlAllocateHeap(00030000,00000008,00000004) ret=7bca105f
0016:Ret  ntdll.RtlAllocateHeap() retval=0004a1c0 ret=7bca105f
0016:Ret  ntoskrnl.exe.RtlAllocateHeap() retval=0004a1c0 ret=7f8c5eb2be5a
0016:Call advapi32.RegSetValueExW(00000050,0004a068 L"\\??\\Volume{644d136b-6a76-48e7-8ec9-f4bad9065723}",00000000,00000003,0004a1c0,7f8c00000004) ret=7f8c5eb2beaa
0016:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f8c5eb2beaa
0018:Call KERNEL32.__wine_kernel_init() ret=7bc85261
0018:Ret  KERNEL32.__wine_kernel_init() retval=7b47d405 ret=7bc85261
000d:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=7fe364745879
000d:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe364745892
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364745892
000d:Call KERNEL32.CloseHandle(000000fc) ret=7fe3647458be
000d:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe3647458be
000d:Call KERNEL32.ConnectNamedPipe(000000ec,0024faf0) ret=7fe36474624a
000d:Ret  KERNEL32.ConnectNamedPipe() retval=00000000 ret=7fe36474624a
000d:Call KERNEL32.WaitForMultipleObjects(00000002,0024fb10,00000000,00002710) ret=7fe364746577
0018:Call PE DLL (proc=0x7bce4adf,module=0x7bc40000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0018:Ret  PE DLL (proc=0x7bce4adf,module=0x7bc40000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0018:Call PE DLL (proc=0x7b4a9bd0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0018:Ret  PE DLL (proc=0x7b4a9bd0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0018:Call PE DLL (proc=0x7fa1ce6231d4,module=0x7fa1ce5d0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0018:Ret  PE DLL (proc=0x7fa1ce6231d4,module=0x7fa1ce5d0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0018:Call PE DLL (proc=0x7fa1d04c7699,module=0x7fa1d04c0000 L"wow64cpu.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0018:Call ntdll.LdrDisableThreadCalloutsForDll(7fa1d04c0000) ret=7fa1d04c7692
0018:Ret  ntdll.LdrDisableThreadCalloutsForDll() retval=00000000 ret=7fa1d04c7692
0018:Ret  PE DLL (proc=0x7fa1d04c7699,module=0x7fa1d04c0000 L"wow64cpu.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0018:Starting process L"C:\\windows\\system32\\plugplay.exe" (entryproc=0x7fa1d04b2b90)
0018:Call advapi32.StartServiceCtrlDispatcherW(7fa1d04b4dc0) ret=7fa1d04b2b89
0018:Call PE DLL (proc=0x7fa1ce588e5b,module=0x7fa1ce530000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil))
0018:Ret  PE DLL (proc=0x7fa1ce588e5b,module=0x7fa1ce530000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0018:Call rpcrt4.NdrClientInitializeNew(0024f1b0,0024f2f0,7fa1ce642d00,0000000f) ret=7fa1ce61a2a4
0018:Ret  rpcrt4.NdrClientInitializeNew() retval=7fa1ce60dc2f ret=7fa1ce61a2a4
0018:Call rpcrt4.RpcStringBindingComposeW(00000000,0024f060 L"ncacn_np",00000000,0024f080 L"\\pipe\\svcctl",00000000,0024f050) ret=7fa1ce60d25f
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7fa1ce56bc0c
0018:Ret  ntdll.RtlAllocateHeap() retval=000314c0 ret=7fa1ce56bc0c
0018:Ret  rpcrt4.RpcStringBindingComposeW() retval=00000000 ret=7fa1ce60d25f
0018:Call rpcrt4.RpcBindingFromStringBindingW(000314c0 L"ncacn_np:[\\\\pipe\\\\svcctl]",0024f058) ret=7fa1ce60d2c0
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7fa1ce56a9c5
0018:Ret  ntdll.RtlAllocateHeap() retval=00031530 ret=7fa1ce56a9c5
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000002) ret=7fa1ce56a9c5
0018:Ret  ntdll.RtlAllocateHeap() retval=00031300 ret=7fa1ce56a9c5
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001e) ret=7fa1ce56a9c5
0018:Ret  ntdll.RtlAllocateHeap() retval=00031340 ret=7fa1ce56a9c5
0018:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7fa1ce56a908
0018:Ret  ntdll.RtlAllocateHeap() retval=00031380 ret=7fa1ce56a908
0018:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031530 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000) ret=7fa1ce56ab63
0018:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7fa1ce56ab63
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fa1ce56ab7d
0018:Ret  ntdll.RtlAllocateHeap() retval=000316c0 ret=7fa1ce56ab7d
0018:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031530 L"ncacn_np",ffffffff,000316c0,00000009,00000000,00000000) ret=7fa1ce56abae
0018:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7fa1ce56abae
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fa1ce56e8a2
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce56e8a2
0018:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031300 L"",ffffffff,00000000,00000000,00000000,00000000) ret=7fa1ce56ab63
0018:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7fa1ce56ab63
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7fa1ce56ab7d
0018:Ret  ntdll.RtlAllocateHeap() retval=00031700 ret=7fa1ce56ab7d
0018:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031300 L"",ffffffff,00031700,00000001,00000000,00000000) ret=7fa1ce56abae
0018:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7fa1ce56abae
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fa1ce56e8d2
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce56e8d2
0018:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031340 L"\\pipe\\svcctl",ffffffff,00000000,00000000,00000000,00000000) ret=7fa1ce56ab63
0018:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7fa1ce56ab63
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fa1ce56ab7d
0018:Ret  ntdll.RtlAllocateHeap() retval=00031740 ret=7fa1ce56ab7d
0018:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031340 L"\\pipe\\svcctl",ffffffff,00031740,0000000d,00000000,00000000) ret=7fa1ce56abae
0018:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7fa1ce56abae
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fa1ce56e8fd
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce56e8fd
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,000000a0) ret=7fa1ce568f57
0018:Ret  ntdll.RtlAllocateHeap() retval=00031780 ret=7fa1ce568f57
0018:Call KERNEL32.InitializeCriticalSection(000317d0) ret=7fa1ce568f97
0018:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fa1ce568f97
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fa1ce56aafb
0018:Ret  ntdll.RtlAllocateHeap() retval=00031870 ret=7fa1ce56aafb
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7fa1ce56aafb
0018:Ret  ntdll.RtlAllocateHeap() retval=000318b0 ret=7fa1ce56aafb
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fa1ce56aafb
0018:Ret  ntdll.RtlAllocateHeap() retval=00040ad0 ret=7fa1ce56aafb
0018:Call advapi32.SystemFunction036(000317bc,00000010) ret=7fa1ce584e90
0018:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fa1ce584e90
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fa1ce584723
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce584723
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00031340) ret=7fa1ce584723
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce584723
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00031300) ret=7fa1ce584723
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce584723
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00031530) ret=7fa1ce584723
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce584723
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fa1ce584723
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce584723
0018:Ret  rpcrt4.RpcBindingFromStringBindingW() retval=00000000 ret=7fa1ce60d2c0
0018:Call rpcrt4.RpcStringFreeW(0024f050) ret=7fa1ce60d2ca
0018:Call ntdll.RtlFreeHeap(00030000,00000000,000314c0) ret=7fa1ce584723
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce584723
0018:Ret  rpcrt4.RpcStringFreeW() retval=00000000 ret=7fa1ce60d2ca
0018:Call rpcrt4.NdrPointerBufferSize(0024f2f0,00000000,7fa1ce62cd0c) ret=7fa1ce61a2d1
0018:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7fa1ce61a2d1
0018:Call rpcrt4.NdrPointerBufferSize(0024f2f0,00000000,7fa1ce62d1f0) ret=7fa1ce61a2e3
0018:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7fa1ce61a2e3
0018:Call rpcrt4.NdrGetBuffer(0024f2f0,00000010,00031380) ret=7fa1ce61a2fa
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fa1ce5860b4
0018:Ret  ntdll.RtlAllocateHeap() retval=00031300 ret=7fa1ce5860b4
0018:Call ntdll.RtlAllocateHeap(00030000,00000008,00000118) ret=7fa1ce57c4ef
0018:Ret  ntdll.RtlAllocateHeap() retval=00040b10 ret=7fa1ce57c4ef
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7fa1ce56aafb
0018:Ret  ntdll.RtlAllocateHeap() retval=000314c0 ret=7fa1ce56aafb
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fa1ce56aafb
0018:Ret  ntdll.RtlAllocateHeap() retval=00031500 ret=7fa1ce56aafb
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fa1ce5860b4
0018:Ret  ntdll.RtlAllocateHeap() retval=00031540 ret=7fa1ce5860b4
0018:Call KERNEL32.CreateFileA(00031540 "\\\\.\\pipe\\svcctl",c0000000,00000000,00000000,00000003,7fa140000000,00000000) ret=7fa1ce57d290
0018:Ret  KERNEL32.CreateFileA() retval=00000020 ret=7fa1ce57d290
0018:Call KERNEL32.SetNamedPipeHandleState(00000020,0024ec04,00000000,00000000) ret=7fa1ce57d408
0018:Ret  KERNEL32.SetNamedPipeHandleState() retval=00000001 ret=7fa1ce57d408
000e:Ret  KERNEL32.WaitForMultipleObjectsEx() retval=00000001 ret=7fe363ea3d32
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00031540) ret=7fa1ce5860d9
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5860d9
0018:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7fa1ce572fd2
0018:Ret  ntdll.RtlAllocateHeap() retval=00031540 ret=7fa1ce572fd2
000e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000118) ret=7fe363e9d4ef
0018:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7fa1ce584492
0018:Ret  ntdll.RtlAllocateHeap() retval=00040c40 ret=7fa1ce584492
000e:Ret  ntdll.RtlAllocateHeap() retval=00045b60 ret=7fe363e9d4ef
0018:Call KERNEL32.InitializeCriticalSection(00040c50) ret=7fa1ce5844a3
000e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fe363e8bafb
0018:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fa1ce5844a3
0018:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7fa1ce573cd7
000e:Ret  ntdll.RtlAllocateHeap() retval=00044f40 ret=7fe363e8bafb
0018:Ret  ntdll.RtlAllocateHeap() retval=00040cf0 ret=7fa1ce573cd7
000e:Call KERNEL32.CreateNamedPipeA(00043cc0 "\\\\.\\pipe\\svcctl",40000003,00000006,000000ff,000016d0,000016d0,7fe300001388,00000000) ret=7fe363e9e83a
0018:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0024eb40,00040cf0,00000048,00000000,00000000) ret=7fa1ce57d5f6
000e:Ret  KERNEL32.CreateNamedPipeA() retval=000000f0 ret=7fe363e9e83a
000e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea0c0d
000e:Ret  ntdll.RtlAllocateHeap() retval=00045340 ret=7fe363ea0c0d
000e:Call KERNEL32.GetComputerNameA(00045340,0034fc04) ret=7fe363ea0c1e
0018:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fa1ce57d5f6
000e:Ret  KERNEL32.GetComputerNameA() retval=00000001 ret=7fe363ea0c1e
000e:Call KERNEL32.CreateThread(00000000,00000000,7fe363e9911c,00045b60,00000000,00000000) ret=7fe363e9982d
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00040cf0) ret=7fa1ce573d3f
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce573d3f
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00031540) ret=7fa1ce57348f
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce57348f
0018:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,0024eb70,7374756f00000010,00000000,00000000) ret=7fa1ce57d777
000e:Ret  KERNEL32.CreateThread() retval=000000f4 ret=7fe363e9982d
000e:Call KERNEL32.CloseHandle(000000f4) ret=7fe363e9983d
000e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9983d
0018:Ret  ntdll.NtReadFile() retval=00000103 ret=7fa1ce57d777
0018:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7fa1ce57d79c
000e:Call ntdll.NtFsControlFile(000000f0,00000090,00000000,00000000,00043c48,00110008,00000000,7fe300000000,00000000,00000000) ret=7fe363e9e9b2
000e:Ret  ntdll.NtFsControlFile() retval=00000103 ret=7fe363e9e9b2
000e:Call ntdll.RtlReAllocateHeap(00030000,00000000,00043d70,00000010) ret=7fe363e9ea45
000e:Ret  ntdll.RtlReAllocateHeap() retval=00043d70 ret=7fe363e9ea45
000e:Call KERNEL32.WaitForMultipleObjectsEx(00000002,00043d70,00000000,ffffffff,00000001) ret=7fe363ea3d32
0019:Call PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
0019:Ret  PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0019:Starting thread proc 0x7fe363e9911c (arg=0x45b60)
0019:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0019:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe363e99242
0019:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7fe363ea5492
0019:Ret  ntdll.RtlAllocateHeap() retval=00045550 ret=7fe363ea5492
0019:Call KERNEL32.InitializeCriticalSection(00045560) ret=7fe363ea54a3
0019:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fe363ea54a3
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,007dfb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0019:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001c) ret=7fe363e95f4b
0019:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe363e95f4b
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,00045610,0000000c,00000000,00000000) ret=7fe363e9e777
0019:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7fe363e96011
0019:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363e96011
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,000457d0,0000002c,00000000,00000000) ret=7fe363e9e777
0019:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7fe363ea70b4
0019:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363ea70b4
0019:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363e96199
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e98bb0
0019:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363e98bb0
0019:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7fe363e8b908
0019:Ret  ntdll.RtlAllocateHeap() retval=00045130 ret=7fe363e8b908
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fe363e8bafb
0019:Ret  ntdll.RtlAllocateHeap() retval=00044e50 ret=7fe363e8bafb
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000f) ret=7fe363e8bafb
0019:Ret  ntdll.RtlAllocateHeap() retval=00045c90 ret=7fe363e8bafb
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fe363e8bafb
0019:Ret  ntdll.RtlAllocateHeap() retval=00045e80 ret=7fe363e8bafb
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,000000a0) ret=7fe363e89f57
0019:Ret  ntdll.RtlAllocateHeap() retval=00045ec0 ret=7fe363e89f57
0019:Call KERNEL32.InitializeCriticalSection(00045f10) ret=7fe363e89f97
0019:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fe363e89f97
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fe363e8bafb
0019:Ret  ntdll.RtlAllocateHeap() retval=00045fb0 ret=7fe363e8bafb
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000f) ret=7fe363e8bafb
0019:Ret  ntdll.RtlAllocateHeap() retval=00045ff0 ret=7fe363e8bafb
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fe363e8bafb
0019:Ret  ntdll.RtlAllocateHeap() retval=00046030 ret=7fe363e8bafb
0019:Call advapi32.SystemFunction036(00045efc,00000010) ret=7fe363ea5e90
0019:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0019:Call ntdll.RtlAllocateHeap(00030000,00000008,00000044) ret=7fe363e9411a
0019:Ret  ntdll.RtlAllocateHeap() retval=00046070 ret=7fe363e9411a
0019:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363e98d98
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e98d98
0019:Call ntdll.RtlAllocateHeap(00030000,00000008,00000044) ret=7fe363e94cd7
0019:Ret  ntdll.RtlAllocateHeap() retval=000460d0 ret=7fe363e94cd7
0019:Call ntdll.NtWriteFile(000000a8,000000f4,00000000,00000000,007dfb20,000460d0,00000044,00000000,00000000) ret=7fe363e9e5f6
0019:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0019:Call ntdll.RtlFreeHeap(00030000,00000000,000460d0) ret=7fe363e94d3f
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0019:Call ntdll.RtlFreeHeap(00030000,00000000,00046070) ret=7fe363e9448f
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0019:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363ea70d9
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0019:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe363e9448f
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0019:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe363e99203
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99203
0019:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e9921c
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9921c
0019:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0019:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363e99242
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,007dfb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0018:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fa1ce57d79c
0019:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fa1ce574f4b
0019:Call KERNEL32.WaitForSingleObject(000000f4,ffffffff) ret=7fe363e9e79c
0018:Ret  ntdll.RtlAllocateHeap() retval=00040cf0 ret=7fa1ce574f4b
0018:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,00040d00,00000008,00000000,00000000) ret=7fa1ce57d777
0018:Ret  ntdll.NtReadFile() retval=80000005 ret=7fa1ce57d777
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7fa1ce575011
0018:Ret  ntdll.RtlAllocateHeap() retval=00031540 ret=7fa1ce575011
0018:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,00031540,0000002c,00000000,00000000) ret=7fa1ce57d777
0018:Ret  ntdll.NtReadFile() retval=00000000 ret=7fa1ce57d777
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7fa1ce5860b4
0018:Ret  ntdll.RtlAllocateHeap() retval=00040d30 ret=7fa1ce5860b4
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00031540) ret=7fa1ce575199
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce575199
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00040d30) ret=7fa1ce5860d9
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5860d9
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00040cf0) ret=7fa1ce57348f
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce57348f
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fa1ce569abf
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce569abf
0018:Ret  rpcrt4.NdrGetBuffer() retval=00031300 ret=7fa1ce61a2fa
0018:Call rpcrt4.NdrPointerMarshall(0024f2f0,00000000,7fa1ce62cd0c) ret=7fa1ce61a30c
0018:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7fa1ce61a30c
0018:Call rpcrt4.NdrPointerMarshall(0024f2f0,00000000,7fa1ce62d1f0) ret=7fa1ce61a31e
0018:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7fa1ce61a31e
0018:Call rpcrt4.NdrSendReceive(0024f2f0,0003130c) ret=7fa1ce61a384
0018:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fa1ce575f33
0018:Ret  ntdll.RtlAllocateHeap() retval=00031540 ret=7fa1ce575f33
0018:Call ntdll.RtlAllocateHeap(00030000,00000008,00000024) ret=7fa1ce573cd7
0018:Ret  ntdll.RtlAllocateHeap() retval=00040cf0 ret=7fa1ce573cd7
0018:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0024ec70,00040cf0,00000024,00000000,00000000) ret=7fa1ce57d5f6
0018:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fa1ce57d5f6
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00040cf0) ret=7fa1ce573d3f
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce573d3f
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00031540) ret=7fa1ce575fef
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce575fef
0018:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,0024ecf0,7374756f00000010,00000000,00000000) ret=7fa1ce57d777
0019:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0019:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe363e95f4b
0018:Ret  ntdll.NtReadFile() retval=00000103 ret=7fa1ce57d777
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,00045610,00000008,00000000,00000000) ret=7fe363e9e777
0018:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7fa1ce57d79c
0019:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363e96011
0019:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363e96011
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,000457d0,0000000c,00000000,00000000) ret=7fe363e9e777
0019:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363ea70b4
0019:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe363ea70b4
0019:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363e96199
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0019:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363e992d1
0019:Call KERNEL32.QueueUserWorkItem(7fe363e99597,000457d0,00000010) ret=7fe363e9931b
0019:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0019:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0019:Ret  ntdll.RtlAllocateHeap() retval=000460b0 ret=7fe363e99242
0012:Call rpcrt4.NdrServerInitializeNew(000456c0,0059f620,7fe36475ed20) ret=7fe36474ca88
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,007dfb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474ca88
0012:Call rpcrt4.NdrPointerUnmarshall(0059f620,0059f7b8,7fe3647587ec,00000000) ret=7fe36474cb7c
0012:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb7c
0012:Call rpcrt4.NdrPointerUnmarshall(0059f620,0059f7c0,7fe364758cd0,00000000) ret=7fe36474cb95
0012:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb95
0019:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0012:Call rpcrt4.NdrContextHandleInitialize(0059f620,7fe3647587f4) ret=7fe36474cbfd
0019:Call KERNEL32.WaitForSingleObject(000000f4,ffffffff) ret=7fe363e9e79c
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0012:Ret  ntdll.RtlAllocateHeap() retval=000462c0 ret=7fe363e8afef
0012:Call ntdll.RtlInitializeResource(000462f8) ret=7fe363e8b007
0012:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0012:Call ntdll.RtlAcquireResourceExclusive(000462f8,00000001) ret=7fe363e8b01e
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=000463b0 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrContextHandleInitialize() retval=000462c0 ret=7fe36474cbfd
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe36473ec5f
0012:Ret  ntdll.RtlAllocateHeap() retval=000463f0 ret=7fe36473ec5f
0012:Call ntdll.RtlMapGenericMask(000463f4,7fe364757840) ret=7fe36473ec92
0012:Ret  ntdll.RtlMapGenericMask() retval=00000001 ret=7fe36473ec92
0012:Call rpcrt4.I_RpcGetBuffer(000456c0) ret=7fe36474cc4c
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=00046430 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474cc4c
0012:Call rpcrt4.NdrServerContextNewMarshall(0059f620,000462c0,7fe36474416c,7fe3647587f4) ret=7fe36474cc83
0012:Call advapi32.SystemFunction036(000462e8,00000010) ret=7fe363ea5e90
0012:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000463b0) ret=7fe363ea8141
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0012:Call ntdll.RtlReleaseResource(000462f8) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474cc83
0012:Call rpcrt4.NdrPointerFree(0059f620,00000000,7fe3647587ec) ret=7fe36474a76b
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a76b
0012:Call rpcrt4.NdrPointerFree(0059f620,00000000,7fe364758cd0) ret=7fe36474a781
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a781
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=000463b0 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=00046470 ret=7fe363e94cd7
0012:Call ntdll.NtWriteFile(000000a8,00000104,00000000,00000000,0059f750,00046470,00000030,00000000,00000000) ret=7fe363e9e5f6
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046470) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000463b0) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0018:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fa1ce57d79c
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe363ea70d9
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fa1ce574f4b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0018:Ret  ntdll.RtlAllocateHeap() retval=00040cf0 ret=7fa1ce574f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046430) ret=7fe363ea70d9
0018:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,00040d00,00000008,00000000,00000000) ret=7fa1ce57d777
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045600) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363e9966b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0018:Ret  ntdll.NtReadFile() retval=80000005 ret=7fa1ce57d777
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fa1ce575011
0018:Ret  ntdll.RtlAllocateHeap() retval=00031540 ret=7fa1ce575011
0018:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,00031540,00000018,00000000,00000000) ret=7fa1ce57d777
0018:Ret  ntdll.NtReadFile() retval=00000000 ret=7fa1ce57d777
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fa1ce5860b4
0018:Ret  ntdll.RtlAllocateHeap() retval=00040d30 ret=7fa1ce5860b4
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fa1ce5751df
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5751df
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00031540) ret=7fa1ce575199
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce575199
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00040cf0) ret=7fa1ce576336
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce576336
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00031300) ret=7fa1ce5860d9
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5860d9
0018:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7fa1ce61a384
0018:Call rpcrt4.NdrClientContextUnmarshall(0024f2f0,0024f6e0,00031380) ret=7fa1ce61a3cb
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fa1ce548958
0018:Ret  ntdll.RtlAllocateHeap() retval=00031540 ret=7fa1ce548958
0018:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7fa1ce56d4e8
0018:Ret  ntdll.RtlAllocateHeap() retval=00040d70 ret=7fa1ce56d4e8
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fa1ce56aafb
0018:Ret  ntdll.RtlAllocateHeap() retval=00040cf0 ret=7fa1ce56aafb
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7fa1ce56aafb
0018:Ret  ntdll.RtlAllocateHeap() retval=00031300 ret=7fa1ce56aafb
0018:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fa1ce56aafb
0018:Ret  ntdll.RtlAllocateHeap() retval=00040e00 ret=7fa1ce56aafb
0018:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7fa1ce61a3cb
0018:Call rpcrt4.NdrFreeBuffer(0024f2f0) ret=7fa1ce616b51
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00040d30) ret=7fa1ce5860d9
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5860d9
0018:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7fa1ce616b51
0018:Call rpcrt4.RpcBindingFree(0024f090) ret=7fa1ce60e083
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00031740) ret=7fa1ce56defd
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce56defd
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00031700) ret=7fa1ce56df15
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce56df15
0018:Call ntdll.RtlFreeHeap(00030000,00000000,000316c0) ret=7fa1ce56df2d
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce56df2d
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fa1ce56df45
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce56df45
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fa1ce56df5d
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce56df5d
0018:Call ntdll.RtlFreeHeap(00030000,00000000,00031380) ret=7fa1ce56df90
0018:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce56df90
0018:Ret  rpcrt4.RpcBindingFree() retval=00000000 ret=7fa1ce60e083
000d:Ret  KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7fe364746577
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000014) ret=7fe364746307
000d:Ret  ntdll.RtlAllocateHeap() retval=000463b0 ret=7fe364746307
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000036) ret=7fe36474071f
000d:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe36474071f
000d:Call KERNEL32.WriteFile(000000ec,00044300,00000036,0024fa3c,0024fa40) ret=7fe3647407b9
000d:Ret  KERNEL32.WriteFile() retval=00000001 ret=7fe3647407b9
000d:Call KERNEL32.ReadFile(000000ec,0024fae4,00000004,0024fa3c,0024fa40) ret=7fe36474092c
000d:Ret  KERNEL32.ReadFile() retval=00000000 ret=7fe36474092c
000d:Call KERNEL32.WaitForSingleObject(000000e8,00002710) ret=7fe364740a04
001a:Call PE DLL (proc=0x7fa1ce588e5b,module=0x7fa1ce530000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
001a:Ret  PE DLL (proc=0x7fa1ce588e5b,module=0x7fa1ce530000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
001a:Starting thread proc 0x7fa1ce60f101 (arg=0x312c0)
001a:Call rpcrt4.NdrClientInitializeNew(0034f690,0034f7d0,7fa1ce642d00,00000010) ret=7fa1ce61a5d7
001a:Ret  rpcrt4.NdrClientInitializeNew() retval=7fa1ce60dc2f ret=7fa1ce61a5d7
001a:Call rpcrt4.NDRCContextBinding(00031540) ret=7fa1ce61a5e8
001a:Ret  rpcrt4.NDRCContextBinding() retval=00040d70 ret=7fa1ce61a5e8
001a:Call rpcrt4.NdrConformantStringBufferSize(0034f7d0,00040d30,7fa1ce62cd22) ret=7fa1ce61a60d
001a:Ret  rpcrt4.NdrConformantStringBufferSize() retval=0000003e ret=7fa1ce61a60d
001a:Call rpcrt4.NdrGetBuffer(0034f7d0,0000003e,00040d70) ret=7fa1ce61a624
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003e) ret=7fa1ce5860b4
001a:Ret  ntdll.RtlAllocateHeap() retval=00031380 ret=7fa1ce5860b4
001a:Ret  rpcrt4.NdrGetBuffer() retval=00031380 ret=7fa1ce61a624
001a:Call rpcrt4.NdrClientContextMarshall(0034f7d0,00031540,00000000) ret=7fa1ce61a632
001a:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7fa1ce61a632
001a:Call rpcrt4.NdrConformantStringMarshall(0034f7d0,00040d30,7fa1ce62cd22) ret=7fa1ce61a644
001a:Ret  rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7fa1ce61a644
001a:Call rpcrt4.NdrSendReceive(0034f7d0,000313b8) ret=7fa1ce61a6aa
001a:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fa1ce575f33
001a:Ret  ntdll.RtlAllocateHeap() retval=000316c0 ret=7fa1ce575f33
001a:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7fa1ce584492
001a:Ret  ntdll.RtlAllocateHeap() retval=00031700 ret=7fa1ce584492
001a:Call KERNEL32.InitializeCriticalSection(00031710) ret=7fa1ce5844a3
001a:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fa1ce5844a3
001a:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fa1ce573cd7
001a:Ret  ntdll.RtlAllocateHeap() retval=00040e80 ret=7fa1ce573cd7
001a:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034f150,00040e80,00000050,00000000,00000000) ret=7fa1ce57d5f6
001a:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fa1ce57d5f6
001a:Call ntdll.RtlFreeHeap(00030000,00000000,00040e80) ret=7fa1ce573d3f
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce573d3f
001a:Call ntdll.RtlFreeHeap(00030000,00000000,000316c0) ret=7fa1ce575fef
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce575fef
001a:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,0034f1d0,7374756f00000010,00000000,00000000) ret=7fa1ce57d777
0019:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0019:Call KERNEL32.CloseHandle(00000104) ret=7fe363e9e6ff
001a:Ret  ntdll.NtReadFile() retval=00000103 ret=7fa1ce57d777
001a:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7fa1ce57d79c
0019:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0019:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363e95f4b
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,000457e0,00000008,00000000,00000000) ret=7fe363e9e777
0019:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fe363e96011
0019:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363e96011
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,000456c0,00000038,00000000,00000000) ret=7fe363e9e777
0019:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fe363ea70b4
0019:Ret  ntdll.RtlAllocateHeap() retval=000461a0 ret=7fe363ea70b4
0019:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363e96199
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0019:Ret  ntdll.RtlAllocateHeap() retval=00045a30 ret=7fe363e992d1
0019:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045a30,00000010) ret=7fe363e9931b
0019:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0019:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0019:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363e99242
0013:Call rpcrt4.NdrServerInitializeNew(000460b0,006af620,7fe36475ed20) ret=7fe36474fce2
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474fce2
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,007dfb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0013:Call rpcrt4.NdrServerContextNewUnmarshall(006af620,7fe3647587fc) ret=7fe36474fdcb
0013:Call ntdll.RtlAcquireResourceExclusive(000462f8,00000001) ret=7fe363e8b140
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=00046230 ret=7fe363ea80b5
0019:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0013:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=000462c0 ret=7fe36474fdcb
0013:Call rpcrt4.NdrConformantStringUnmarshall(006af620,006af7c0,7fe364758802,00000000) ret=7fe36474fdec
0019:Call KERNEL32.WaitForSingleObject(000000f4,ffffffff) ret=7fe363e9e79c
0013:Ret  rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7fe36474fdec
0013:Call rpcrt4.NdrContextHandleInitialize(006af620,7fe364758804) ret=7fe36474fe54
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0013:Ret  ntdll.RtlAllocateHeap() retval=00046510 ret=7fe363e8afef
0013:Call ntdll.RtlInitializeResource(00046548) ret=7fe363e8b007
0013:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0013:Call ntdll.RtlAcquireResourceExclusive(00046548,00000001) ret=7fe363e8b01e
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=00046600 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrContextHandleInitialize() retval=00046510 ret=7fe36474fe54
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe36473debd
0013:Ret  ntdll.RtlAllocateHeap() retval=00046640 ret=7fe36473debd
0013:Call ntdll.RtlMapGenericMask(00046644,7fe364757830) ret=7fe36473defb
0013:Ret  ntdll.RtlMapGenericMask() retval=00008000 ret=7fe36473defb
0013:Call rpcrt4.I_RpcGetBuffer(000460b0) ret=7fe36474fea7
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=00046680 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474fea7
0013:Call rpcrt4.NdrServerContextNewMarshall(006af620,00046510,7fe36474416c,7fe364758804) ret=7fe36474fede
0013:Call advapi32.SystemFunction036(00046538,00000010) ret=7fe363ea5e90
0013:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046600) ret=7fe363ea8141
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0013:Call ntdll.RtlReleaseResource(00046548) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474fede
0013:Call rpcrt4.NdrPointerFree(006af620,000461c0,7fe364758800) ret=7fe36474ff62
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474ff62
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046230) ret=7fe363ea81aa
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0013:Call ntdll.RtlReleaseResource(000462f8) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=00046600 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=00046230 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(000000a8,0000010c,00000000,00000000,006af750,00046230,00000030,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046230) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046600) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000461a0) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
001a:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fa1ce57d79c
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046680) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fa1ce574f4b
001a:Ret  ntdll.RtlAllocateHeap() retval=00040e80 ret=7fa1ce574f4b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000460b0) ret=7fe363e9966b
001a:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,00040e90,00000008,00000000,00000000) ret=7fa1ce57d777
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045a30) ret=7fe363e996a1
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001a:Ret  ntdll.NtReadFile() retval=80000005 ret=7fa1ce57d777
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fa1ce575011
001a:Ret  ntdll.RtlAllocateHeap() retval=000316c0 ret=7fa1ce575011
001a:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,000316c0,00000018,00000000,00000000) ret=7fa1ce57d777
001a:Ret  ntdll.NtReadFile() retval=00000000 ret=7fa1ce57d777
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fa1ce5860b4
001a:Ret  ntdll.RtlAllocateHeap() retval=00040ec0 ret=7fa1ce5860b4
001a:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fa1ce5751df
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5751df
001a:Call ntdll.RtlFreeHeap(00030000,00000000,000316c0) ret=7fa1ce575199
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce575199
001a:Call ntdll.RtlFreeHeap(00030000,00000000,00040e80) ret=7fa1ce576336
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce576336
001a:Call ntdll.RtlFreeHeap(00030000,00000000,00031380) ret=7fa1ce5860d9
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5860d9
001a:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7fa1ce61a6aa
001a:Call rpcrt4.NdrClientContextUnmarshall(0034f7d0,0034fbb0,00040d70) ret=7fa1ce61a6f0
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fa1ce548958
001a:Ret  ntdll.RtlAllocateHeap() retval=00031380 ret=7fa1ce548958
001a:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7fa1ce56d4e8
001a:Ret  ntdll.RtlAllocateHeap() retval=00040f00 ret=7fa1ce56d4e8
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fa1ce56aafb
001a:Ret  ntdll.RtlAllocateHeap() retval=000316c0 ret=7fa1ce56aafb
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7fa1ce56aafb
001a:Ret  ntdll.RtlAllocateHeap() retval=00040e80 ret=7fa1ce56aafb
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fa1ce56aafb
001a:Ret  ntdll.RtlAllocateHeap() retval=00040f90 ret=7fa1ce56aafb
001a:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7fa1ce61a6f0
001a:Call rpcrt4.NdrFreeBuffer(0034f7d0) ret=7fa1ce61a753
001a:Call ntdll.RtlFreeHeap(00030000,00000000,00040ec0) ret=7fa1ce5860d9
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5860d9
001a:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7fa1ce61a753
001a:Call rpcrt4.NdrClientInitializeNew(0034f690,0034f7d0,7fa1ce642d00,00000010) ret=7fa1ce61a5d7
001a:Ret  rpcrt4.NdrClientInitializeNew() retval=7fa1ce60dc2f ret=7fa1ce61a5d7
001a:Call rpcrt4.NDRCContextBinding(00031540) ret=7fa1ce61a5e8
001a:Ret  rpcrt4.NDRCContextBinding() retval=00040d70 ret=7fa1ce61a5e8
001a:Call rpcrt4.NdrConformantStringBufferSize(0034f7d0,00040d30,7fa1ce62cd22) ret=7fa1ce61a60d
001a:Ret  rpcrt4.NdrConformantStringBufferSize() retval=0000003e ret=7fa1ce61a60d
001a:Call rpcrt4.NdrGetBuffer(0034f7d0,0000003e,00040d70) ret=7fa1ce61a624
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003e) ret=7fa1ce5860b4
001a:Ret  ntdll.RtlAllocateHeap() retval=00040fd0 ret=7fa1ce5860b4
001a:Ret  rpcrt4.NdrGetBuffer() retval=00040fd0 ret=7fa1ce61a624
001a:Call rpcrt4.NdrClientContextMarshall(0034f7d0,00031540,00000000) ret=7fa1ce61a632
001a:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7fa1ce61a632
001a:Call rpcrt4.NdrConformantStringMarshall(0034f7d0,00040d30,7fa1ce62cd22) ret=7fa1ce61a644
001a:Ret  rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7fa1ce61a644
001a:Call rpcrt4.NdrSendReceive(0034f7d0,00041008) ret=7fa1ce61a6aa
001a:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fa1ce575f33
001a:Ret  ntdll.RtlAllocateHeap() retval=00040ec0 ret=7fa1ce575f33
001a:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fa1ce573cd7
001a:Ret  ntdll.RtlAllocateHeap() retval=00041020 ret=7fa1ce573cd7
001a:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034f150,00041020,00000050,00000000,00000000) ret=7fa1ce57d5f6
001a:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fa1ce57d5f6
001a:Call ntdll.RtlFreeHeap(00030000,00000000,00041020) ret=7fa1ce573d3f
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce573d3f
001a:Call ntdll.RtlFreeHeap(00030000,00000000,00040ec0) ret=7fa1ce575fef
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce575fef
001a:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,0034f1d0,7374756f00000010,00000000,00000000) ret=7fa1ce57d777
0019:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0019:Call KERNEL32.CloseHandle(0000010c) ret=7fe363e9e6ff
001a:Ret  ntdll.NtReadFile() retval=00000103 ret=7fa1ce57d777
0019:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
001a:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7fa1ce57d79c
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0019:Ret  ntdll.RtlAllocateHeap() retval=00046600 ret=7fe363e95f4b
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,00046610,00000008,00000000,00000000) ret=7fe363e9e777
0019:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fe363e96011
0019:Ret  ntdll.RtlAllocateHeap() retval=00046430 ret=7fe363e96011
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,00046430,00000038,00000000,00000000) ret=7fe363e9e777
0019:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fe363ea70b4
0019:Ret  ntdll.RtlAllocateHeap() retval=00046480 ret=7fe363ea70b4
0019:Call ntdll.RtlFreeHeap(00030000,00000000,00046430) ret=7fe363e96199
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0019:Ret  ntdll.RtlAllocateHeap() retval=00045a30 ret=7fe363e992d1
0019:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045a30,00000010) ret=7fe363e9931b
0019:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0019:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0012:Call rpcrt4.NdrServerInitializeNew(000456c0,0059f620,7fe36475ed20) ret=7fe36474fce2
0019:Ret  ntdll.RtlAllocateHeap() retval=00046070 ret=7fe363e99242
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474fce2
0012:Call rpcrt4.NdrServerContextNewUnmarshall(0059f620,7fe3647587fc) ret=7fe36474fdcb
0012:Call ntdll.RtlAcquireResourceExclusive(000462f8,00000001) ret=7fe363e8b140
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,007dfb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=000460d0 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=000462c0 ret=7fe36474fdcb
0012:Call rpcrt4.NdrConformantStringUnmarshall(0059f620,0059f7c0,7fe364758802,00000000) ret=7fe36474fdec
0012:Ret  rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7fe36474fdec
0012:Call rpcrt4.NdrContextHandleInitialize(0059f620,7fe364758804) ret=7fe36474fe54
0019:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0012:Ret  ntdll.RtlAllocateHeap() retval=000461a0 ret=7fe363e8afef
0019:Call KERNEL32.WaitForSingleObject(000000f4,ffffffff) ret=7fe363e9e79c
0012:Call ntdll.RtlInitializeResource(000461d8) ret=7fe363e8b007
0012:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0012:Call ntdll.RtlAcquireResourceExclusive(000461d8,00000001) ret=7fe363e8b01e
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=000467c0 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrContextHandleInitialize() retval=000461a0 ret=7fe36474fe54
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe36473debd
0012:Ret  ntdll.RtlAllocateHeap() retval=00046800 ret=7fe36473debd
0012:Call ntdll.RtlMapGenericMask(00046804,7fe364757830) ret=7fe36473defb
0012:Ret  ntdll.RtlMapGenericMask() retval=0002008f ret=7fe36473defb
0012:Call rpcrt4.I_RpcGetBuffer(000456c0) ret=7fe36474fea7
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=00046840 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474fea7
0012:Call rpcrt4.NdrServerContextNewMarshall(0059f620,000461a0,7fe36474416c,7fe364758804) ret=7fe36474fede
0012:Call advapi32.SystemFunction036(000461c8,00000010) ret=7fe363ea5e90
0012:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000467c0) ret=7fe363ea8141
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0012:Call ntdll.RtlReleaseResource(000461d8) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474fede
0012:Call rpcrt4.NdrPointerFree(0059f620,000464a0,7fe364758800) ret=7fe36474ff62
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474ff62
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000460d0) ret=7fe363ea81aa
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0012:Call ntdll.RtlReleaseResource(000462f8) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=000467c0 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=000460d0 ret=7fe363e94cd7
0012:Call ntdll.NtWriteFile(000000a8,00000114,00000000,00000000,0059f750,000460d0,00000030,00000000,00000000) ret=7fe363e9e5f6
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000460d0) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000467c0) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046480) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
001a:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fa1ce57d79c
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046840) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fa1ce574f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046600) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
001a:Ret  ntdll.RtlAllocateHeap() retval=00041020 ret=7fa1ce574f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000456c0) ret=7fe363e9966b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
001a:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,00041030,00000008,00000000,00000000) ret=7fa1ce57d777
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045a30) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001a:Ret  ntdll.NtReadFile() retval=80000005 ret=7fa1ce57d777
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fa1ce575011
001a:Ret  ntdll.RtlAllocateHeap() retval=00040ec0 ret=7fa1ce575011
001a:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,00040ec0,00000018,00000000,00000000) ret=7fa1ce57d777
001a:Ret  ntdll.NtReadFile() retval=00000000 ret=7fa1ce57d777
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fa1ce5860b4
001a:Ret  ntdll.RtlAllocateHeap() retval=00041060 ret=7fa1ce5860b4
001a:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fa1ce5751df
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5751df
001a:Call ntdll.RtlFreeHeap(00030000,00000000,00040ec0) ret=7fa1ce575199
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce575199
001a:Call ntdll.RtlFreeHeap(00030000,00000000,00041020) ret=7fa1ce576336
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce576336
001a:Call ntdll.RtlFreeHeap(00030000,00000000,00040fd0) ret=7fa1ce5860d9
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5860d9
001a:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7fa1ce61a6aa
001a:Call rpcrt4.NdrClientContextUnmarshall(0034f7d0,0034fbb0,00040d70) ret=7fa1ce61a6f0
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fa1ce548958
001a:Ret  ntdll.RtlAllocateHeap() retval=00040fd0 ret=7fa1ce548958
001a:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7fa1ce56d4e8
001a:Ret  ntdll.RtlAllocateHeap() retval=000410a0 ret=7fa1ce56d4e8
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fa1ce56aafb
001a:Ret  ntdll.RtlAllocateHeap() retval=00040ec0 ret=7fa1ce56aafb
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7fa1ce56aafb
001a:Ret  ntdll.RtlAllocateHeap() retval=00041130 ret=7fa1ce56aafb
001a:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fa1ce56aafb
001a:Ret  ntdll.RtlAllocateHeap() retval=00041170 ret=7fa1ce56aafb
001a:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7fa1ce61a6f0
001a:Call rpcrt4.NdrFreeBuffer(0034f7d0) ret=7fa1ce61a753
001a:Call ntdll.RtlFreeHeap(00030000,00000000,00041060) ret=7fa1ce5860d9
001a:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5860d9
001a:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7fa1ce61a753
001b:Call PE DLL (proc=0x7fa1ce588e5b,module=0x7fa1ce530000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
001b:Ret  PE DLL (proc=0x7fa1ce588e5b,module=0x7fa1ce530000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
001b:Starting thread proc 0x7fa1ce60d474 (arg=0x31250)
000d:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe364740a04
000d:Call KERNEL32.GetOverlappedResult(000000ec,0024fa40,0024fa3c,00000000) ret=7fe364740990
001b:Call advapi32.RegisterServiceCtrlHandlerExW(7fa1d04b52c0 L"PlugPlay",7fa1d04b29f3,00000000) ret=7fa1d04b28d4
000d:Ret  KERNEL32.GetOverlappedResult() retval=00000001 ret=7fe364740990
001b:Ret  advapi32.RegisterServiceCtrlHandlerExW() retval=00031380 ret=7fa1d04b28d4
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe364740823
001b:Call advapi32.SetServiceStatus(00031380,0046fbc0) ret=7fa1d04b2919
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364740823
000d:Call ntdll.RtlFreeHeap(00030000,00000000,000463b0) ret=7fe364746401
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364746401
001b:Call rpcrt4.NdrClientInitializeNew(0046f580,0046f6c0,7fa1ce642d00,00000007) ret=7fa1ce618468
001b:Ret  rpcrt4.NdrClientInitializeNew() retval=7fa1ce60dc2f ret=7fa1ce618468
000d:Call KERNEL32.WaitForMultipleObjects(00000002,0024fb10,00000000,00002710) ret=7fe3647464eb
001b:Call rpcrt4.NDRCContextBinding(00031380) ret=7fa1ce618479
001b:Ret  rpcrt4.NDRCContextBinding() retval=00040f00 ret=7fa1ce618479
001b:Call rpcrt4.NdrGetBuffer(0046f6c0,00000038,00040f00) ret=7fa1ce61849c
001b:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7fa1ce5860b4
001b:Ret  ntdll.RtlAllocateHeap() retval=000411f0 ret=7fa1ce5860b4
001b:Ret  rpcrt4.NdrGetBuffer() retval=000411f0 ret=7fa1ce61849c
001b:Call rpcrt4.NdrClientContextMarshall(0046f6c0,00031380,00000000) ret=7fa1ce6184aa
001b:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7fa1ce6184aa
001b:Call rpcrt4.NdrSimpleStructMarshall(0046f6c0,0046fbc0,7fa1ce62cc44) ret=7fa1ce6184bc
001b:Ret  rpcrt4.NdrSimpleStructMarshall() retval=00000000 ret=7fa1ce6184bc
001b:Call rpcrt4.NdrSendReceive(0046f6c0,00041220) ret=7fa1ce6184cc
001b:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fa1ce575f33
001b:Ret  ntdll.RtlAllocateHeap() retval=00041240 ret=7fa1ce575f33
001b:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7fa1ce584492
001b:Ret  ntdll.RtlAllocateHeap() retval=00041280 ret=7fa1ce584492
001b:Call KERNEL32.InitializeCriticalSection(00041290) ret=7fa1ce5844a3
001b:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fa1ce5844a3
001b:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7fa1ce573cd7
001b:Ret  ntdll.RtlAllocateHeap() retval=00041330 ret=7fa1ce573cd7
001b:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0046f040,00041330,00000048,00000000,00000000) ret=7fa1ce57d5f6
001b:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fa1ce57d5f6
001b:Call ntdll.RtlFreeHeap(00030000,00000000,00041330) ret=7fa1ce573d3f
001b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce573d3f
001b:Call ntdll.RtlFreeHeap(00030000,00000000,00041240) ret=7fa1ce575fef
001b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce575fef
0019:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
001b:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,0046f0c0,ffffffff00000010,00000000,00000000) ret=7fa1ce57d777
0019:Call KERNEL32.CloseHandle(00000114) ret=7fe363e9e6ff
001b:Ret  ntdll.NtReadFile() retval=00000103 ret=7fa1ce57d777
0019:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
001b:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7fa1ce57d79c
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
0019:Ret  ntdll.RtlAllocateHeap() retval=000467c0 ret=7fe363e95f4b
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,000467d0,00000008,00000000,00000000) ret=7fe363e9e777
0019:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363e96011
0019:Ret  ntdll.RtlAllocateHeap() retval=00046600 ret=7fe363e96011
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,00046600,00000030,00000000,00000000) ret=7fe363e9e777
0019:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363ea70b4
0019:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363ea70b4
0019:Call ntdll.RtlFreeHeap(00030000,00000000,00046600) ret=7fe363e96199
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
0019:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
0019:Ret  ntdll.RtlAllocateHeap() retval=000463b0 ret=7fe363e992d1
0019:Call KERNEL32.QueueUserWorkItem(7fe363e99597,000463b0,00000010) ret=7fe363e9931b
0019:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0019:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0019:Ret  ntdll.RtlAllocateHeap() retval=000456c0 ret=7fe363e99242
0013:Call rpcrt4.NdrServerInitializeNew(00046070,006af630,7fe36475ed20) ret=7fe36474c404
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474c404
0013:Call rpcrt4.NdrServerContextNewUnmarshall(006af630,7fe364758720) ret=7fe36474c4e1
0019:Call ntdll.NtReadFile(000000a8,000000f4,00000000,00000000,00045c58,007dfb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0013:Call ntdll.RtlAcquireResourceExclusive(00046548,00000001) ret=7fe363e8b140
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=00046600 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00046510 ret=7fe36474c4e1
0019:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0013:Call rpcrt4.NdrSimpleStructUnmarshall(006af630,006af7d0,7fe364758724,00000000) ret=7fe36474c502
0019:Call KERNEL32.WaitForSingleObject(000000f4,ffffffff) ret=7fe363e9e79c
0013:Ret  rpcrt4.NdrSimpleStructUnmarshall() retval=00000000 ret=7fe36474c502
0013:Call KERNEL32.SetEvent(00000050) ret=7fe36473fc9e
000d:Ret  KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7fe3647464eb
0013:Ret  KERNEL32.SetEvent() retval=00000001 ret=7fe36473fc9e
0013:Call rpcrt4.I_RpcGetBuffer(00046070) ret=7fe36474c56d
000d:Call KERNEL32.ReleaseMutex(000000dc) ret=7fe364746453
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000008) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474c56d
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046600) ret=7fe363ea81aa
000d:Ret  KERNEL32.ReleaseMutex() retval=00000001 ret=7fe364746453
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0013:Call ntdll.RtlReleaseResource(00046548) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
000d:Call KERNEL32.ExpandEnvironmentStringsW(00042e30 L"C:\\windows\\system32\\drivers\\winebus.sys",00000000,00000000) ret=7fe3647455d3
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=00046600 ret=7fe363e93f0b
000d:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000028 ret=7fe3647455d3
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,0000001c) ret=7fe363e94cd7
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000050) ret=7fe3647455f0
0013:Ret  ntdll.RtlAllocateHeap() retval=000460d0 ret=7fe363e94cd7
000d:Ret  ntdll.RtlAllocateHeap() retval=00046680 ret=7fe3647455f0
000d:Call KERNEL32.ExpandEnvironmentStringsW(00042e30 L"C:\\windows\\system32\\drivers\\winebus.sys",00046680,00000028) ret=7fe36474560b
000d:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000028 ret=7fe36474560b
000d:Call KERNEL32.GetBinaryTypeW(00046680 L"C:\\windows\\system32\\drivers\\winebus.sys",0024f7f0) ret=7fe364745a26
0013:Call ntdll.NtWriteFile(000000a8,00000114,00000000,00000000,006af750,000460d0,0000001c,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000460d0) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046600) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000467c0) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
001b:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fa1ce57d79c
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046070) ret=7fe363e9966b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
001b:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fa1ce574f4b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
001b:Ret  ntdll.RtlAllocateHeap() retval=00041330 ret=7fa1ce574f4b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000463b0) ret=7fe363e996a1
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001b:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,00041340,00000008,00000000,00000000) ret=7fa1ce57d777
000d:Ret  KERNEL32.GetBinaryTypeW() retval=00000001 ret=7fe364745a26
000d:Call KERNEL32.GetSystemDirectoryW(0024f860,00000104) ret=7fe364745a4a
000d:Ret  KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7fe364745a4a
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00046680) ret=7fe364745a61
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364745a61
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000046) ret=7fe364745a9e
000d:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe364745a9e
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,000000d8) ret=7fe364744363
000d:Ret  ntdll.RtlAllocateHeap() retval=00046070 ret=7fe364744363
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00046600 ret=7fe364746667
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000046) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00046430 ret=7fe364746667
001b:Ret  ntdll.NtReadFile() retval=80000005 ret=7fa1ce57d777
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe364746667
001b:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7fa1ce575011
000d:Ret  ntdll.RtlAllocateHeap() retval=000467c0 ret=7fe364746667
001b:Ret  ntdll.RtlAllocateHeap() retval=00041240 ret=7fa1ce575011
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=000463b0 ret=7fe364746667
001b:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00040c08,00041240,00000004,00000000,00000000) ret=7fa1ce57d777
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=00045600 ret=7fe364746667
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe36474606c
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474606c
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746667
000d:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe364746667
000d:Call KERNEL32.ExpandEnvironmentStringsW(00046430 L"C:\\windows\\system32\\winedevice.exe",00000000,00000000) ret=7fe3647455d3
000d:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000023 ret=7fe3647455d3
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000046) ret=7fe3647455f0
000d:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe3647455f0
000d:Call KERNEL32.ExpandEnvironmentStringsW(00046430 L"C:\\windows\\system32\\winedevice.exe",00044300,00000023) ret=7fe36474560b
001b:Ret  ntdll.NtReadFile() retval=00000000 ret=7fa1ce57d777
000d:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000023 ret=7fe36474560b
001b:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7fa1ce5860b4
001b:Ret  ntdll.RtlAllocateHeap() retval=00041370 ret=7fa1ce5860b4
000d:Call advapi32.RegQueryValueExW(00000030,00000000,00000000,0024f3d0,0024f3b0,0024f3a8) ret=7fe364745678
001b:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fa1ce5751df
001b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5751df
001b:Call ntdll.RtlFreeHeap(00030000,00000000,00041240) ret=7fa1ce575199
001b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce575199
001b:Call ntdll.RtlFreeHeap(00030000,00000000,00041330) ret=7fa1ce576336
001b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce576336
000d:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7fe364745678
001b:Call ntdll.RtlFreeHeap(00030000,00000000,000411f0) ret=7fa1ce5860d9
000d:Call advapi32.RegSetValueExW(00000030,00000000,00000000,00000004,7fe3647602d0,00000004) ret=7fe3647456b5
001b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5860d9
001b:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7fa1ce6184cc
001b:Call rpcrt4.NdrFreeBuffer(0046f6c0) ret=7fa1ce618565
001b:Call ntdll.RtlFreeHeap(00030000,00000000,00041370) ret=7fa1ce5860d9
001b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fa1ce5860d9
001b:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7fa1ce618565
001b:Ret  advapi32.SetServiceStatus() retval=00000001 ret=7fa1d04b2919
000d:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7fe3647456b5
001b:Call KERNEL32.WaitForSingleObject(00000040,ffffffff) ret=7fa1d04b292a
000d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7fe3647456f4
000d:Ret  ntdll.RtlAllocateHeap() retval=00046490 ret=7fe3647456f4
000d:Call KERNEL32.CreateMutexW(00000000,00000001,00000000) ret=7fe364745716
000d:Ret  KERNEL32.CreateMutexW() retval=0000011c ret=7fe364745716
000d:Call KERNEL32.CreateNamedPipeW(7fe364760280 L"\\\\.\\pipe\\net\\NtControlPipe2",40000003,00000000,00000001,7fe300000100,00000100,ffffffff00002710,00000000) ret=7fe36474577d
000d:Ret  KERNEL32.CreateNamedPipeW() retval=00000124 ret=7fe36474577d
000d:Call KERNEL32.ResetEvent(00000118) ret=7fe3647457e5
000d:Ret  KERNEL32.ResetEvent() retval=00000001 ret=7fe3647457e5
000d:Call KERNEL32.CreateProcessW(00000000,00044300 L"C:\\windows\\system32\\winedevice.exe",00000000,00000000,7fe300000000,00000400,00370000,00000000,0024f3d0,0024f3b0) ret=7fe364745879
001d:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError"
001d:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32"
001d:Call KERNEL32.__wine_kernel_init() ret=7bc85261
001d:Ret  KERNEL32.__wine_kernel_init() retval=7b47d405 ret=7bc85261
000d:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=7fe364745879
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00044300) ret=7fe364745892
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364745892
000d:Call KERNEL32.CloseHandle(00000134) ret=7fe3647458be
000d:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe3647458be
000d:Call KERNEL32.ConnectNamedPipe(00000124,0024f6d0) ret=7fe36474624a
000d:Ret  KERNEL32.ConnectNamedPipe() retval=00000000 ret=7fe36474624a
000d:Call KERNEL32.WaitForMultipleObjects(00000002,0024f6f0,00000000,00002710) ret=7fe364746577
001d:Call PE DLL (proc=0x7bce4adf,module=0x7bc40000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x24fb00)
001d:Ret  PE DLL (proc=0x7bce4adf,module=0x7bc40000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
001d:Call PE DLL (proc=0x7b4a9bd0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
001d:Ret  PE DLL (proc=0x7b4a9bd0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
001d:Call PE DLL (proc=0x7f675ac391d4,module=0x7f675abe0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
001d:Ret  PE DLL (proc=0x7f675ac391d4,module=0x7f675abe0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
001d:Call PE DLL (proc=0x7f675aba0ee9,module=0x7f675ab80000 L"ntoskrnl.exe",reason=PROCESS_ATTACH,res=0x24fb00)
001d:Call KERNEL32.DisableThreadLibraryCalls(7f675ab80000) ret=7f675ab9b0e2
001d:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f675ab9b0e2
001d:Call ntdll.RtlAddVectoredExceptionHandler(00000001,7f675ab8eff2) ret=7f675ab9b0f3
001d:Ret  ntdll.RtlAddVectoredExceptionHandler() retval=00031400 ret=7f675ab9b0f3
001d:Call ntdll.NtGetTickCount() ret=7f675ab95cee
001d:Ret  ntdll.NtGetTickCount() retval=031a27b6 ret=7f675ab95cee
001d:Ret  PE DLL (proc=0x7f675aba0ee9,module=0x7f675ab80000 L"ntoskrnl.exe",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
001d:Call PE DLL (proc=0x7f675cadd699,module=0x7f675cad0000 L"wow64cpu.dll",reason=PROCESS_ATTACH,res=0x24fb00)
001d:Call ntdll.LdrDisableThreadCalloutsForDll(7f675cad0000) ret=7f675cadd692
001d:Ret  ntdll.LdrDisableThreadCalloutsForDll() retval=00000000 ret=7f675cadd692
001d:Ret  PE DLL (proc=0x7f675cadd699,module=0x7f675cad0000 L"wow64cpu.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
001d:Starting process L"C:\\windows\\system32\\winedevice.exe" (entryproc=0x7f675cac90b6)
001d:Call advapi32.StartServiceCtrlDispatcherW(0024fca0) ret=7f675cac909a
001d:Call PE DLL (proc=0x7f675ab35e5b,module=0x7f675aae0000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil))
001d:Ret  PE DLL (proc=0x7f675ab35e5b,module=0x7f675aae0000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
001d:Call rpcrt4.NdrClientInitializeNew(0024f180,0024f2c0,7f675ac58d00,0000000f) ret=7f675ac302a4
001d:Ret  rpcrt4.NdrClientInitializeNew() retval=7f675ac23c2f ret=7f675ac302a4
001d:Call rpcrt4.RpcStringBindingComposeW(00000000,0024f030 L"ncacn_np",00000000,0024f050 L"\\pipe\\svcctl",00000000,0024f020) ret=7f675ac2325f
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7f675ab18c0c
001d:Ret  ntdll.RtlAllocateHeap() retval=000316f0 ret=7f675ab18c0c
001d:Ret  rpcrt4.RpcStringBindingComposeW() retval=00000000 ret=7f675ac2325f
001d:Call rpcrt4.RpcBindingFromStringBindingW(000316f0 L"ncacn_np:[\\\\pipe\\\\svcctl]",0024f028) ret=7f675ac232c0
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7f675ab179c5
001d:Ret  ntdll.RtlAllocateHeap() retval=00031760 ret=7f675ab179c5
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000002) ret=7f675ab179c5
001d:Ret  ntdll.RtlAllocateHeap() retval=00031530 ret=7f675ab179c5
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001e) ret=7f675ab179c5
001d:Ret  ntdll.RtlAllocateHeap() retval=00031570 ret=7f675ab179c5
001d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f675ab17908
001d:Ret  ntdll.RtlAllocateHeap() retval=000315b0 ret=7f675ab17908
001d:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031760 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000) ret=7f675ab17b63
001d:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f675ab17b63
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f675ab17b7d
001d:Ret  ntdll.RtlAllocateHeap() retval=000466f0 ret=7f675ab17b7d
001d:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031760 L"ncacn_np",ffffffff,000466f0,00000009,00000000,00000000) ret=7f675ab17bae
001d:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f675ab17bae
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1b8a2
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1b8a2
001d:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031530 L"",ffffffff,00000000,00000000,00000000,00000000) ret=7f675ab17b63
001d:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f675ab17b63
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f675ab17b7d
001d:Ret  ntdll.RtlAllocateHeap() retval=00046730 ret=7f675ab17b7d
001d:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031530 L"",ffffffff,00046730,00000001,00000000,00000000) ret=7f675ab17bae
001d:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f675ab17bae
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1b8d2
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1b8d2
001d:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031570 L"\\pipe\\svcctl",ffffffff,00000000,00000000,00000000,00000000) ret=7f675ab17b63
001d:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f675ab17b63
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f675ab17b7d
001d:Ret  ntdll.RtlAllocateHeap() retval=00046770 ret=7f675ab17b7d
001d:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00031570 L"\\pipe\\svcctl",ffffffff,00046770,0000000d,00000000,00000000) ret=7f675ab17bae
001d:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f675ab17bae
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1b8fd
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1b8fd
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,000000a0) ret=7f675ab15f57
001d:Ret  ntdll.RtlAllocateHeap() retval=000467b0 ret=7f675ab15f57
001d:Call KERNEL32.InitializeCriticalSection(00046800) ret=7f675ab15f97
001d:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f675ab15f97
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f675ab17afb
001d:Ret  ntdll.RtlAllocateHeap() retval=000468a0 ret=7f675ab17afb
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f675ab17afb
001d:Ret  ntdll.RtlAllocateHeap() retval=000468e0 ret=7f675ab17afb
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f675ab17afb
001d:Ret  ntdll.RtlAllocateHeap() retval=00046920 ret=7f675ab17afb
001d:Call advapi32.SystemFunction036(000467ec,00000010) ret=7f675ab31e90
001d:Ret  advapi32.SystemFunction036() retval=00000001 ret=7f675ab31e90
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab31723
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00031570) ret=7f675ab31723
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00031530) ret=7f675ab31723
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00031760) ret=7f675ab31723
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab31723
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
001d:Ret  rpcrt4.RpcBindingFromStringBindingW() retval=00000000 ret=7f675ac232c0
001d:Call rpcrt4.RpcStringFreeW(0024f020) ret=7f675ac232ca
001d:Call ntdll.RtlFreeHeap(00030000,00000000,000316f0) ret=7f675ab31723
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
001d:Ret  rpcrt4.RpcStringFreeW() retval=00000000 ret=7f675ac232ca
001d:Call rpcrt4.NdrPointerBufferSize(0024f2c0,00000000,7f675ac42d0c) ret=7f675ac302d1
001d:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f675ac302d1
001d:Call rpcrt4.NdrPointerBufferSize(0024f2c0,00000000,7f675ac431f0) ret=7f675ac302e3
001d:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f675ac302e3
001d:Call rpcrt4.NdrGetBuffer(0024f2c0,00000010,000315b0) ret=7f675ac302fa
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7f675ab330b4
001d:Ret  ntdll.RtlAllocateHeap() retval=00031530 ret=7f675ab330b4
001d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000118) ret=7f675ab294ef
001d:Ret  ntdll.RtlAllocateHeap() retval=00046960 ret=7f675ab294ef
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f675ab17afb
001d:Ret  ntdll.RtlAllocateHeap() retval=000316f0 ret=7f675ab17afb
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f675ab17afb
001d:Ret  ntdll.RtlAllocateHeap() retval=00031730 ret=7f675ab17afb
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7f675ab330b4
001d:Ret  ntdll.RtlAllocateHeap() retval=00031770 ret=7f675ab330b4
001d:Call KERNEL32.CreateFileA(00031770 "\\\\.\\pipe\\svcctl",c0000000,00000000,00000000,00000003,7f6740000000,00000000) ret=7f675ab2a290
001d:Ret  KERNEL32.CreateFileA() retval=00000020 ret=7f675ab2a290
001d:Call KERNEL32.SetNamedPipeHandleState(00000020,0024ebd4,00000000,00000000) ret=7f675ab2a408
001d:Ret  KERNEL32.SetNamedPipeHandleState() retval=00000001 ret=7f675ab2a408
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00031770) ret=7f675ab330d9
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
000e:Ret  KERNEL32.WaitForMultipleObjectsEx() retval=00000001 ret=7fe363ea3d32
000e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000118) ret=7fe363e9d4ef
000e:Ret  ntdll.RtlAllocateHeap() retval=00046680 ret=7fe363e9d4ef
001d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7f675ab1ffd2
000e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fe363e8bafb
000e:Ret  ntdll.RtlAllocateHeap() retval=00044300 ret=7fe363e8bafb
001d:Ret  ntdll.RtlAllocateHeap() retval=00031770 ret=7f675ab1ffd2
001d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7f675ab31492
001d:Ret  ntdll.RtlAllocateHeap() retval=00046a90 ret=7f675ab31492
000e:Call KERNEL32.CreateNamedPipeA(00043cc0 "\\\\.\\pipe\\svcctl",40000003,00000006,000000ff,000016d0,000016d0,7fe300001388,00000000) ret=7fe363e9e83a
001d:Call KERNEL32.InitializeCriticalSection(00046aa0) ret=7f675ab314a3
001d:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f675ab314a3
001d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7f675ab20cd7
001d:Ret  ntdll.RtlAllocateHeap() retval=00046b40 ret=7f675ab20cd7
000e:Ret  KERNEL32.CreateNamedPipeA() retval=00000128 ret=7fe363e9e83a
000e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea0c0d
000e:Ret  ntdll.RtlAllocateHeap() retval=00046840 ret=7fe363ea0c0d
000e:Call KERNEL32.GetComputerNameA(00046840,0034fc04) ret=7fe363ea0c1e
001d:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0024eb10,00046b40,00000048,00000000,00000000) ret=7f675ab2a5f6
001d:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00046b40) ret=7f675ab20d3f
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
000e:Ret  KERNEL32.GetComputerNameA() retval=00000001 ret=7fe363ea0c1e
000e:Call KERNEL32.CreateThread(00000000,00000000,7fe363e9911c,00046680,00000000,00000000) ret=7fe363e9982d
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00031770) ret=7f675ab2048f
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab2048f
001d:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0024eb40,7374756f00000010,00000000,00000000) ret=7f675ab2a777
001d:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
001d:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
000e:Ret  KERNEL32.CreateThread() retval=0000012c ret=7fe363e9982d
000e:Call KERNEL32.CloseHandle(0000012c) ret=7fe363e9983d
000e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9983d
000e:Call ntdll.NtFsControlFile(00000128,00000090,00000000,00000000,00043c48,00110008,00000000,7fe300000000,00000000,00000000) ret=7fe363e9e9b2
000e:Ret  ntdll.NtFsControlFile() retval=00000103 ret=7fe363e9e9b2
000e:Call ntdll.RtlReAllocateHeap(00030000,00000000,00043d70,00000010) ret=7fe363e9ea45
000e:Ret  ntdll.RtlReAllocateHeap() retval=00043d70 ret=7fe363e9ea45
000e:Call KERNEL32.WaitForMultipleObjectsEx(00000002,00043d70,00000000,ffffffff,00000001) ret=7fe363ea3d32
001e:Call PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
001e:Ret  PE DLL (proc=0x7fe363ea9e5b,module=0x7fe363e50000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
001e:Starting thread proc 0x7fe363e9911c (arg=0x46680)
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
001e:Ret  ntdll.RtlAllocateHeap() retval=00046880 ret=7fe363e99242
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7fe363ea5492
001e:Ret  ntdll.RtlAllocateHeap() retval=000468e0 ret=7fe363ea5492
001e:Call KERNEL32.InitializeCriticalSection(000468f0) ret=7fe363ea54a3
001e:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fe363ea54a3
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001c) ret=7fe363e95f4b
001e:Ret  ntdll.RtlAllocateHeap() retval=00046990 ret=7fe363e95f4b
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,000469a0,0000000c,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=000469d0 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,000469d0,0000002c,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=00046a10 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,000469d0) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e98bb0
001e:Ret  ntdll.RtlAllocateHeap() retval=000469d0 ret=7fe363e98bb0
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7fe363e8b908
001e:Ret  ntdll.RtlAllocateHeap() retval=00046a50 ret=7fe363e8b908
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fe363e8bafb
001e:Ret  ntdll.RtlAllocateHeap() retval=00046ae0 ret=7fe363e8bafb
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000f) ret=7fe363e8bafb
001e:Ret  ntdll.RtlAllocateHeap() retval=00046b20 ret=7fe363e8bafb
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fe363e8bafb
001e:Ret  ntdll.RtlAllocateHeap() retval=00046b60 ret=7fe363e8bafb
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,000000a0) ret=7fe363e89f57
001e:Ret  ntdll.RtlAllocateHeap() retval=00046ba0 ret=7fe363e89f57
001e:Call KERNEL32.InitializeCriticalSection(00046bf0) ret=7fe363e89f97
001e:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fe363e89f97
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7fe363e8bafb
001e:Ret  ntdll.RtlAllocateHeap() retval=00046cf0 ret=7fe363e8bafb
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000f) ret=7fe363e8bafb
001e:Ret  ntdll.RtlAllocateHeap() retval=00046d30 ret=7fe363e8bafb
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7fe363e8bafb
001e:Ret  ntdll.RtlAllocateHeap() retval=00046d70 ret=7fe363e8bafb
001e:Call advapi32.SystemFunction036(00046bdc,00000010) ret=7fe363ea5e90
001e:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000044) ret=7fe363e9411a
001e:Ret  ntdll.RtlAllocateHeap() retval=00046db0 ret=7fe363e9411a
001e:Call ntdll.RtlFreeHeap(00030000,00000000,000469d0) ret=7fe363e98d98
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e98d98
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000044) ret=7fe363e94cd7
001e:Ret  ntdll.RtlAllocateHeap() retval=00046e10 ret=7fe363e94cd7
001e:Call ntdll.NtWriteFile(000000f0,0000012c,00000000,00000000,008ffb20,00046e10,00000044,00000000,00000000) ret=7fe363e9e5f6
001e:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00046e10) ret=7fe363e94d3f
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00046db0) ret=7fe363e9448f
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00046a10) ret=7fe363ea70d9
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
001d:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00046990) ret=7fe363e9448f
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
001d:Ret  ntdll.RtlAllocateHeap() retval=00046b40 ret=7f675ab21f4b
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00046880) ret=7fe363e99203
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99203
001d:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046b50,00000008,00000000,00000000) ret=7f675ab2a777
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e9921c
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9921c
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
001e:Ret  ntdll.RtlAllocateHeap() retval=00046880 ret=7fe363e99242
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
001d:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7f675ab22011
001d:Ret  ntdll.RtlAllocateHeap() retval=00031770 ret=7f675ab22011
001d:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00031770,0000002c,00000000,00000000) ret=7f675ab2a777
001d:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000002c) ret=7f675ab330b4
001d:Ret  ntdll.RtlAllocateHeap() retval=00046b80 ret=7f675ab330b4
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00031770) ret=7f675ab22199
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00046b80) ret=7f675ab330d9
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00046b40) ret=7f675ab2048f
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab2048f
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab16abf
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab16abf
001d:Ret  rpcrt4.NdrGetBuffer() retval=00031530 ret=7f675ac302fa
001d:Call rpcrt4.NdrPointerMarshall(0024f2c0,00000000,7f675ac42d0c) ret=7f675ac3030c
001d:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f675ac3030c
001d:Call rpcrt4.NdrPointerMarshall(0024f2c0,00000000,7f675ac431f0) ret=7f675ac3031e
001d:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f675ac3031e
001d:Call rpcrt4.NdrSendReceive(0024f2c0,0003153c) ret=7f675ac30384
001d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f675ab22f33
001d:Ret  ntdll.RtlAllocateHeap() retval=00031770 ret=7f675ab22f33
001d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000024) ret=7f675ab20cd7
001d:Ret  ntdll.RtlAllocateHeap() retval=00046b40 ret=7f675ab20cd7
001d:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0024ec40,00046b40,00000024,00000000,00000000) ret=7f675ab2a5f6
001d:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00046b40) ret=7f675ab20d3f
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00031770) ret=7f675ab22fef
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22fef
001d:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0024ecc0,7374756f00000010,00000000,00000000) ret=7f675ab2a777
001e:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
001e:Ret  ntdll.RtlAllocateHeap() retval=000469d0 ret=7fe363e95f4b
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,000469e0,00000008,00000000,00000000) ret=7fe363e9e777
001d:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
001d:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=00046990 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00046990,0000000c,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=00046db0 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00046990) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
001e:Ret  ntdll.RtlAllocateHeap() retval=00046990 ret=7fe363e992d1
001e:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00046990,00000010) ret=7fe363e9931b
001e:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
001e:Ret  ntdll.RtlAllocateHeap() retval=00046f10 ret=7fe363e99242
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0012:Call rpcrt4.NdrServerInitializeNew(00046880,0059f620,7fe36475ed20) ret=7fe36474ca88
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474ca88
0012:Call rpcrt4.NdrPointerUnmarshall(0059f620,0059f7b8,7fe3647587ec,00000000) ret=7fe36474cb7c
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0012:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb7c
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
0012:Call rpcrt4.NdrPointerUnmarshall(0059f620,0059f7c0,7fe364758cd0,00000000) ret=7fe36474cb95
0012:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb95
0012:Call rpcrt4.NdrContextHandleInitialize(0059f620,7fe3647587f4) ret=7fe36474cbfd
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0012:Ret  ntdll.RtlAllocateHeap() retval=00046fb0 ret=7fe363e8afef
0012:Call ntdll.RtlInitializeResource(00046fe8) ret=7fe363e8b007
0012:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0012:Call ntdll.RtlAcquireResourceExclusive(00046fe8,00000001) ret=7fe363e8b01e
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrContextHandleInitialize() retval=00046fb0 ret=7fe36474cbfd
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe36473ec5f
0012:Ret  ntdll.RtlAllocateHeap() retval=000470e0 ret=7fe36473ec5f
0012:Call ntdll.RtlMapGenericMask(000470e4,7fe364757840) ret=7fe36473ec92
0012:Ret  ntdll.RtlMapGenericMask() retval=00000001 ret=7fe36473ec92
0012:Call rpcrt4.I_RpcGetBuffer(00046880) ret=7fe36474cc4c
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=00047120 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474cc4c
0012:Call rpcrt4.NdrServerContextNewMarshall(0059f620,00046fb0,7fe36474416c,7fe3647587f4) ret=7fe36474cc83
0012:Call advapi32.SystemFunction036(00046fd8,00000010) ret=7fe363ea5e90
0012:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363ea8141
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0012:Call ntdll.RtlReleaseResource(00046fe8) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474cc83
0012:Call rpcrt4.NdrPointerFree(0059f620,00000000,7fe3647587ec) ret=7fe36474a76b
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a76b
0012:Call rpcrt4.NdrPointerFree(0059f620,00000000,7fe364758cd0) ret=7fe36474a781
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a781
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=00047160 ret=7fe363e94cd7
0012:Call ntdll.NtWriteFile(000000f0,0000013c,00000000,00000000,0059f750,00047160,00000030,00000000,00000000) ret=7fe363e9e5f6
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00047160) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046db0) ret=7fe363ea70d9
001d:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00047120) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
001d:Ret  ntdll.RtlAllocateHeap() retval=00046b40 ret=7f675ab21f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000469d0) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046880) ret=7fe363e9966b
001d:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046b50,00000008,00000000,00000000) ret=7f675ab2a777
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046990) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001d:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab22011
001d:Ret  ntdll.RtlAllocateHeap() retval=00031770 ret=7f675ab22011
001d:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00031770,00000018,00000000,00000000) ret=7f675ab2a777
001d:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab330b4
001d:Ret  ntdll.RtlAllocateHeap() retval=00046b80 ret=7f675ab330b4
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab221df
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab221df
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00031770) ret=7f675ab22199
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00046b40) ret=7f675ab23336
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab23336
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00031530) ret=7f675ab330d9
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001d:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f675ac30384
001d:Call rpcrt4.NdrClientContextUnmarshall(0024f2c0,0024f6b0,000315b0) ret=7f675ac303cb
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f675aaf5958
001d:Ret  ntdll.RtlAllocateHeap() retval=00031770 ret=7f675aaf5958
001d:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f675ab1a4e8
001d:Ret  ntdll.RtlAllocateHeap() retval=00046bc0 ret=7f675ab1a4e8
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f675ab17afb
001d:Ret  ntdll.RtlAllocateHeap() retval=00046b40 ret=7f675ab17afb
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f675ab17afb
001d:Ret  ntdll.RtlAllocateHeap() retval=00031530 ret=7f675ab17afb
001d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f675ab17afb
001d:Ret  ntdll.RtlAllocateHeap() retval=00046c50 ret=7f675ab17afb
001d:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f675ac303cb
001d:Call rpcrt4.NdrFreeBuffer(0024f2c0) ret=7f675ac2cb51
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00046b80) ret=7f675ab330d9
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001d:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f675ac2cb51
001d:Call rpcrt4.RpcBindingFree(0024f060) ret=7f675ac24083
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00046770) ret=7f675ab1aefd
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1aefd
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00046730) ret=7f675ab1af15
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af15
001d:Call ntdll.RtlFreeHeap(00030000,00000000,000466f0) ret=7f675ab1af2d
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af2d
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1af45
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af45
001d:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1af5d
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af5d
001d:Call ntdll.RtlFreeHeap(00030000,00000000,000315b0) ret=7f675ab1af90
001d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af90
001d:Ret  rpcrt4.RpcBindingFree() retval=00000000 ret=7f675ac24083
000d:Ret  KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7fe364746577
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000034) ret=7fe364746307
000d:Ret  ntdll.RtlAllocateHeap() retval=00046880 ret=7fe364746307
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,0000005c) ret=7fe36474071f
000d:Ret  ntdll.RtlAllocateHeap() retval=00046990 ret=7fe36474071f
000d:Call KERNEL32.WriteFile(00000124,00046990,0000005c,0024f61c,0024f620) ret=7fe3647407b9
000d:Ret  KERNEL32.WriteFile() retval=00000001 ret=7fe3647407b9
000d:Call KERNEL32.ReadFile(00000124,0024f6c4,00000004,0024f61c,0024f620) ret=7fe36474092c
000d:Ret  KERNEL32.ReadFile() retval=00000000 ret=7fe36474092c
000d:Call KERNEL32.WaitForSingleObject(00000120,00002710) ret=7fe364740a04
001f:Call PE DLL (proc=0x7f675ab35e5b,module=0x7f675aae0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
001f:Ret  PE DLL (proc=0x7f675ab35e5b,module=0x7f675aae0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
001f:Starting thread proc 0x7f675ac25101 (arg=0x314f0)
001f:Call rpcrt4.NdrClientInitializeNew(0034f690,0034f7d0,7f675ac58d00,00000010) ret=7f675ac305d7
001f:Ret  rpcrt4.NdrClientInitializeNew() retval=7f675ac23c2f ret=7f675ac305d7
001f:Call rpcrt4.NDRCContextBinding(00031770) ret=7f675ac305e8
001f:Ret  rpcrt4.NDRCContextBinding() retval=00046bc0 ret=7f675ac305e8
001f:Call rpcrt4.NdrConformantStringBufferSize(0034f7d0,000315b0,7f675ac42d22) ret=7f675ac3060d
001f:Ret  rpcrt4.NdrConformantStringBufferSize() retval=00000044 ret=7f675ac3060d
001f:Call rpcrt4.NdrGetBuffer(0034f7d0,00000044,00046bc0) ret=7f675ac30624
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000044) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=000466f0 ret=7f675ab330b4
001f:Ret  rpcrt4.NdrGetBuffer() retval=000466f0 ret=7f675ac30624
001f:Call rpcrt4.NdrClientContextMarshall(0034f7d0,00031770,00000000) ret=7f675ac30632
001f:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f675ac30632
001f:Call rpcrt4.NdrConformantStringMarshall(0034f7d0,000315b0,7f675ac42d22) ret=7f675ac30644
001f:Ret  rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7f675ac30644
001f:Call rpcrt4.NdrSendReceive(0034f7d0,0004672c) ret=7f675ac306aa
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f675ab22f33
001f:Ret  ntdll.RtlAllocateHeap() retval=00046b80 ret=7f675ab22f33
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7f675ab31492
001f:Ret  ntdll.RtlAllocateHeap() retval=00046c90 ret=7f675ab31492
001f:Call KERNEL32.InitializeCriticalSection(00046ca0) ret=7f675ab314a3
001f:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f675ab314a3
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000054) ret=7f675ab20cd7
001f:Ret  ntdll.RtlAllocateHeap() retval=00046d00 ret=7f675ab20cd7
001f:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034f150,00046d00,00000054,00000000,00000000) ret=7f675ab2a5f6
001f:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046d00) ret=7f675ab20d3f
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046b80) ret=7f675ab22fef
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22fef
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034f1d0,7374756f00000010,00000000,00000000) ret=7f675ab2a777
001e:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
001e:Call KERNEL32.CloseHandle(0000013c) ret=7fe363e9e6ff
001e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
001f:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
001f:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
001e:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363e95f4b
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00045910,00000008,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003c) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=00047120 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00047120,0000003c,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003c) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=00047170 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00047120) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
001e:Ret  ntdll.RtlAllocateHeap() retval=00046f70 ret=7fe363e992d1
001e:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00046f70,00000010) ret=7fe363e9931b
001e:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
001e:Ret  ntdll.RtlAllocateHeap() retval=00046e90 ret=7fe363e99242
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0013:Call rpcrt4.NdrServerInitializeNew(00046f10,006af620,7fe36475ed20) ret=7fe36474fce2
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474fce2
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0013:Call rpcrt4.NdrServerContextNewUnmarshall(006af620,7fe3647587fc) ret=7fe36474fdcb
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
0013:Call ntdll.RtlAcquireResourceExclusive(00046fe8,00000001) ret=7fe363e8b140
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=00047200 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00046fb0 ret=7fe36474fdcb
0013:Call rpcrt4.NdrConformantStringUnmarshall(006af620,006af7c0,7fe364758802,00000000) ret=7fe36474fdec
0013:Ret  rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7fe36474fdec
0013:Call rpcrt4.NdrContextHandleInitialize(006af620,7fe364758804) ret=7fe36474fe54
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0013:Ret  ntdll.RtlAllocateHeap() retval=000472f0 ret=7fe363e8afef
0013:Call ntdll.RtlInitializeResource(00047328) ret=7fe363e8b007
0013:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0013:Call ntdll.RtlAcquireResourceExclusive(00047328,00000001) ret=7fe363e8b01e
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=000473e0 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrContextHandleInitialize() retval=000472f0 ret=7fe36474fe54
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe36473debd
0013:Ret  ntdll.RtlAllocateHeap() retval=00047420 ret=7fe36473debd
0013:Call ntdll.RtlMapGenericMask(00047424,7fe364757830) ret=7fe36473defb
0013:Ret  ntdll.RtlMapGenericMask() retval=00008000 ret=7fe36473defb
0013:Call rpcrt4.I_RpcGetBuffer(00046f10) ret=7fe36474fea7
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=00047460 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474fea7
0013:Call rpcrt4.NdrServerContextNewMarshall(006af620,000472f0,7fe36474416c,7fe364758804) ret=7fe36474fede
0013:Call advapi32.SystemFunction036(00047318,00000010) ret=7fe363ea5e90
0013:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000473e0) ret=7fe363ea8141
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0013:Call ntdll.RtlReleaseResource(00047328) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474fede
0013:Call rpcrt4.NdrPointerFree(006af620,00047190,7fe364758800) ret=7fe36474ff62
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474ff62
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047200) ret=7fe363ea81aa
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0013:Call ntdll.RtlReleaseResource(00046fe8) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=000473e0 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=00047200 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(000000f0,00000144,00000000,00000000,006af750,00047200,00000030,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047200) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000473e0) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047170) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047460) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046f10) ret=7fe363e9966b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
001f:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
001f:Ret  ntdll.RtlAllocateHeap() retval=00046d00 ret=7f675ab21f4b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046f70) ret=7fe363e996a1
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046d10,00000008,00000000,00000000) ret=7f675ab2a777
001f:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab22011
001f:Ret  ntdll.RtlAllocateHeap() retval=00046b80 ret=7f675ab22011
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046b80,00000018,00000000,00000000) ret=7f675ab2a777
001f:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00046d40 ret=7f675ab330b4
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab221df
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab221df
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046b80) ret=7f675ab22199
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046d00) ret=7f675ab23336
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab23336
001f:Call ntdll.RtlFreeHeap(00030000,00000000,000466f0) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f675ac306aa
001f:Call rpcrt4.NdrClientContextUnmarshall(0034f7d0,0034fbb0,00046bc0) ret=7f675ac306f0
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f675aaf5958
001f:Ret  ntdll.RtlAllocateHeap() retval=000466f0 ret=7f675aaf5958
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f675ab1a4e8
001f:Ret  ntdll.RtlAllocateHeap() retval=00046d80 ret=7f675ab1a4e8
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f675ab17afb
001f:Ret  ntdll.RtlAllocateHeap() retval=00046b80 ret=7f675ab17afb
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f675ab17afb
001f:Ret  ntdll.RtlAllocateHeap() retval=00046d00 ret=7f675ab17afb
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f675ab17afb
001f:Ret  ntdll.RtlAllocateHeap() retval=00046e10 ret=7f675ab17afb
001f:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f675ac306f0
001f:Call rpcrt4.NdrFreeBuffer(0034f7d0) ret=7f675ac30753
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046d40) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f675ac30753
001f:Call rpcrt4.NdrClientInitializeNew(0034f690,0034f7d0,7f675ac58d00,00000010) ret=7f675ac305d7
001f:Ret  rpcrt4.NdrClientInitializeNew() retval=7f675ac23c2f ret=7f675ac305d7
001f:Call rpcrt4.NDRCContextBinding(00031770) ret=7f675ac305e8
001f:Ret  rpcrt4.NDRCContextBinding() retval=00046bc0 ret=7f675ac305e8
001f:Call rpcrt4.NdrConformantStringBufferSize(0034f7d0,000315b0,7f675ac42d22) ret=7f675ac3060d
001f:Ret  rpcrt4.NdrConformantStringBufferSize() retval=00000044 ret=7f675ac3060d
001f:Call rpcrt4.NdrGetBuffer(0034f7d0,00000044,00046bc0) ret=7f675ac30624
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000044) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00046e50 ret=7f675ab330b4
001f:Ret  rpcrt4.NdrGetBuffer() retval=00046e50 ret=7f675ac30624
001f:Call rpcrt4.NdrClientContextMarshall(0034f7d0,00031770,00000000) ret=7f675ac30632
001f:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f675ac30632
001f:Call rpcrt4.NdrConformantStringMarshall(0034f7d0,000315b0,7f675ac42d22) ret=7f675ac30644
001f:Ret  rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7f675ac30644
001f:Call rpcrt4.NdrSendReceive(0034f7d0,00046e8c) ret=7f675ac306aa
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f675ab22f33
001f:Ret  ntdll.RtlAllocateHeap() retval=00046d40 ret=7f675ab22f33
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000054) ret=7f675ab20cd7
001f:Ret  ntdll.RtlAllocateHeap() retval=00046eb0 ret=7f675ab20cd7
001f:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034f150,00046eb0,00000054,00000000,00000000) ret=7f675ab2a5f6
001f:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046eb0) ret=7f675ab20d3f
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046d40) ret=7f675ab22fef
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22fef
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034f1d0,7374756f00000010,00000000,00000000) ret=7f675ab2a777
001e:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
001e:Call KERNEL32.CloseHandle(00000144) ret=7fe363e9e6ff
001f:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
001e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
001f:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
001e:Ret  ntdll.RtlAllocateHeap() retval=000473e0 ret=7fe363e95f4b
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,000473f0,00000008,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003c) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=00046f10 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00046f10,0000003c,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003c) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=00046db0 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00046f10) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
001e:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363e992d1
001e:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045900,00000010) ret=7fe363e9931b
001e:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
001e:Ret  ntdll.RtlAllocateHeap() retval=00047200 ret=7fe363e99242
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0012:Call rpcrt4.NdrServerInitializeNew(00046e90,0059f620,7fe36475ed20) ret=7fe36474fce2
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474fce2
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
0012:Call rpcrt4.NdrServerContextNewUnmarshall(0059f620,7fe3647587fc) ret=7fe36474fdcb
0012:Call ntdll.RtlAcquireResourceExclusive(00046fe8,00000001) ret=7fe363e8b140
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=00046f50 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00046fb0 ret=7fe36474fdcb
0012:Call rpcrt4.NdrConformantStringUnmarshall(0059f620,0059f7c0,7fe364758802,00000000) ret=7fe36474fdec
0012:Ret  rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7fe36474fdec
0012:Call rpcrt4.NdrContextHandleInitialize(0059f620,7fe364758804) ret=7fe36474fe54
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0012:Ret  ntdll.RtlAllocateHeap() retval=00047460 ret=7fe363e8afef
0012:Call ntdll.RtlInitializeResource(00047498) ret=7fe363e8b007
0012:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0012:Call ntdll.RtlAcquireResourceExclusive(00047498,00000001) ret=7fe363e8b01e
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=00047550 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrContextHandleInitialize() retval=00047460 ret=7fe36474fe54
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe36473debd
0012:Ret  ntdll.RtlAllocateHeap() retval=00047590 ret=7fe36473debd
0012:Call ntdll.RtlMapGenericMask(00047594,7fe364757830) ret=7fe36473defb
0012:Ret  ntdll.RtlMapGenericMask() retval=0002008f ret=7fe36473defb
0012:Call rpcrt4.I_RpcGetBuffer(00046e90) ret=7fe36474fea7
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=000475d0 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474fea7
0012:Call rpcrt4.NdrServerContextNewMarshall(0059f620,00047460,7fe36474416c,7fe364758804) ret=7fe36474fede
0012:Call advapi32.SystemFunction036(00047488,00000010) ret=7fe363ea5e90
0012:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00047550) ret=7fe363ea8141
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0012:Call ntdll.RtlReleaseResource(00047498) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474fede
0012:Call rpcrt4.NdrPointerFree(0059f620,00046dd0,7fe364758800) ret=7fe36474ff62
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474ff62
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046f50) ret=7fe363ea81aa
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0012:Call ntdll.RtlReleaseResource(00046fe8) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=00047550 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=00046f50 ret=7fe363e94cd7
0012:Call ntdll.NtWriteFile(000000f0,0000014c,00000000,00000000,0059f750,00046f50,00000030,00000000,00000000) ret=7fe363e9e5f6
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046f50) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00047550) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046db0) ret=7fe363ea70d9
001f:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000475d0) ret=7fe363ea70d9
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
001f:Ret  ntdll.RtlAllocateHeap() retval=00046eb0 ret=7f675ab21f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000473e0) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046ec0,00000008,00000000,00000000) ret=7f675ab2a777
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046e90) ret=7fe363e9966b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001f:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab22011
001f:Ret  ntdll.RtlAllocateHeap() retval=00046d40 ret=7f675ab22011
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046d40,00000018,00000000,00000000) ret=7f675ab2a777
001f:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00046ef0 ret=7f675ab330b4
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab221df
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab221df
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046d40) ret=7f675ab22199
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046eb0) ret=7f675ab23336
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab23336
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046e50) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f675ac306aa
001f:Call rpcrt4.NdrClientContextUnmarshall(0034f7d0,0034fbb0,00046bc0) ret=7f675ac306f0
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f675aaf5958
001f:Ret  ntdll.RtlAllocateHeap() retval=00046e50 ret=7f675aaf5958
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f675ab1a4e8
001f:Ret  ntdll.RtlAllocateHeap() retval=00046f30 ret=7f675ab1a4e8
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f675ab17afb
001f:Ret  ntdll.RtlAllocateHeap() retval=00046d40 ret=7f675ab17afb
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f675ab17afb
001f:Ret  ntdll.RtlAllocateHeap() retval=00046fc0 ret=7f675ab17afb
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f675ab17afb
001f:Ret  ntdll.RtlAllocateHeap() retval=00047000 ret=7f675ab17afb
001f:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f675ac306f0
001f:Call rpcrt4.NdrFreeBuffer(0034f7d0) ret=7f675ac30753
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046ef0) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f675ac30753
000d:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe364740a04
0020:Call PE DLL (proc=0x7f675ab35e5b,module=0x7f675aae0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
0020:Ret  PE DLL (proc=0x7f675ab35e5b,module=0x7f675aae0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
000d:Call KERNEL32.GetOverlappedResult(00000124,0024f620,0024f61c,00000000) ret=7fe364740990
000d:Ret  KERNEL32.GetOverlappedResult() retval=00000001 ret=7fe364740990
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00046990) ret=7fe364740823
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364740823
0020:Starting thread proc 0x7f675ac23474 (arg=0x31480)
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00046880) ret=7fe364746401
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364746401
000d:Call KERNEL32.WaitForMultipleObjects(00000002,0024f6f0,00000000,00002710) ret=7fe3647464eb
0020:Call KERNEL32.LoadLibraryW(7f675cac92a0 L"win32k.sys") ret=7f675cac89ba
0020:Ret  KERNEL32.LoadLibraryW() retval=7f675caa0000 ret=7f675cac89ba
0020:Call KERNEL32.LoadLibraryW(7f675cac92c0 L"dxgkrnl.sys") ret=7f675cac89d4
0020:Ret  KERNEL32.LoadLibraryW() retval=7f675b4e0000 ret=7f675cac89d4
0020:Call KERNEL32.LoadLibraryW(7f675cac92e0 L"dxgmms1.sys") ret=7f675cac89d4
0020:Ret  KERNEL32.LoadLibraryW() retval=7f675b4c0000 ret=7f675cac89d4
0020:Call ntdll.LdrLockLoaderLock(00000000,00000000,0046fb98) ret=7f675cac8a21
0020:Ret  ntdll.LdrLockLoaderLock() retval=00000000 ret=7f675cac8a21
0020:Call KERNEL32.GetModuleHandleW(7f675cac9300 L"ntoskrnl.exe") ret=7f675cac8a2d
0020:Ret  KERNEL32.GetModuleHandleW() retval=7f675ab80000 ret=7f675cac8a2d
0020:Call ntdll.LdrFindEntryForAddress(7f675ab80000,0046fb90) ret=7f675cac8a3a
0020:Ret  ntdll.LdrFindEntryForAddress() retval=00000000 ret=7f675cac8a3a
0020:Call ntdll.LdrUnlockLoaderLock(00000000,00000020) ret=7f675cac8b0f
0020:Ret  ntdll.LdrUnlockLoaderLock() retval=00000000 ret=7f675cac8b0f
0020:Call advapi32.OpenSCManagerW(00000000,00000000,00000001) ret=7f675cac8b40
0020:Call rpcrt4.NdrClientInitializeNew(0046f500,0046f640,7f675ac58d00,0000000f) ret=7f675ac302a4
0020:Ret  rpcrt4.NdrClientInitializeNew() retval=7f675ac23c2f ret=7f675ac302a4
0020:Call rpcrt4.RpcStringBindingComposeW(00000000,0046f3b0 L"ncacn_np",00000000,0046f3d0 L"\\pipe\\svcctl",00000000,0046f3a0) ret=7f675ac2325f
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7f675ab18c0c
0020:Ret  ntdll.RtlAllocateHeap() retval=00047090 ret=7f675ab18c0c
0020:Ret  rpcrt4.RpcStringBindingComposeW() retval=00000000 ret=7f675ac2325f
0020:Call rpcrt4.RpcBindingFromStringBindingW(00047090 L"ncacn_np:[\\\\pipe\\\\svcctl]",0046f3a8) ret=7f675ac232c0
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7f675ab179c5
0020:Ret  ntdll.RtlAllocateHeap() retval=00047250 ret=7f675ab179c5
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000002) ret=7f675ab179c5
0020:Ret  ntdll.RtlAllocateHeap() retval=00047100 ret=7f675ab179c5
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001e) ret=7f675ab179c5
0020:Ret  ntdll.RtlAllocateHeap() retval=00047140 ret=7f675ab179c5
0020:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f675ab17908
0020:Ret  ntdll.RtlAllocateHeap() retval=00047790 ret=7f675ab17908
0020:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047250 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000) ret=7f675ab17b63
0020:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f675ab17b63
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f675ab17b7d
0020:Ret  ntdll.RtlAllocateHeap() retval=00047820 ret=7f675ab17b7d
0020:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047250 L"ncacn_np",ffffffff,00047820,00000009,00000000,00000000) ret=7f675ab17bae
0020:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f675ab17bae
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1b8a2
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1b8a2
0020:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047100 L"",ffffffff,00000000,00000000,00000000,00000000) ret=7f675ab17b63
0020:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f675ab17b63
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f675ab17b7d
0020:Ret  ntdll.RtlAllocateHeap() retval=00047860 ret=7f675ab17b7d
0020:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047100 L"",ffffffff,00047860,00000001,00000000,00000000) ret=7f675ab17bae
0020:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f675ab17bae
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1b8d2
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1b8d2
0020:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047140 L"\\pipe\\svcctl",ffffffff,00000000,00000000,00000000,00000000) ret=7f675ab17b63
0020:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f675ab17b63
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f675ab17b7d
0020:Ret  ntdll.RtlAllocateHeap() retval=000478a0 ret=7f675ab17b7d
0020:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047140 L"\\pipe\\svcctl",ffffffff,000478a0,0000000d,00000000,00000000) ret=7f675ab17bae
0020:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f675ab17bae
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1b8fd
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1b8fd
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab31723
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047140) ret=7f675ab31723
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047100) ret=7f675ab31723
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047250) ret=7f675ab31723
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab31723
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
0020:Ret  rpcrt4.RpcBindingFromStringBindingW() retval=00000000 ret=7f675ac232c0
0020:Call rpcrt4.RpcStringFreeW(0046f3a0) ret=7f675ac232ca
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047090) ret=7f675ab31723
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
0020:Ret  rpcrt4.RpcStringFreeW() retval=00000000 ret=7f675ac232ca
0020:Call rpcrt4.NdrPointerBufferSize(0046f640,00000000,7f675ac42d0c) ret=7f675ac302d1
0020:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f675ac302d1
0020:Call rpcrt4.NdrPointerBufferSize(0046f640,00000000,7f675ac431f0) ret=7f675ac302e3
0020:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f675ac302e3
0020:Call rpcrt4.NdrGetBuffer(0046f640,00000010,00047790) ret=7f675ac302fa
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7f675ab330b4
0020:Ret  ntdll.RtlAllocateHeap() retval=00047250 ret=7f675ab330b4
0020:Ret  rpcrt4.NdrGetBuffer() retval=00047250 ret=7f675ac302fa
0020:Call rpcrt4.NdrPointerMarshall(0046f640,00000000,7f675ac42d0c) ret=7f675ac3030c
0020:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f675ac3030c
0020:Call rpcrt4.NdrPointerMarshall(0046f640,00000000,7f675ac431f0) ret=7f675ac3031e
0020:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f675ac3031e
0020:Call rpcrt4.NdrSendReceive(0046f640,0004725c) ret=7f675ac30384
0020:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f675ab22f33
0020:Ret  ntdll.RtlAllocateHeap() retval=00047090 ret=7f675ab22f33
0020:Call ntdll.RtlAllocateHeap(00030000,00000008,00000058) ret=7f675ab31492
0020:Ret  ntdll.RtlAllocateHeap() retval=000470d0 ret=7f675ab31492
0020:Call KERNEL32.InitializeCriticalSection(000470e0) ret=7f675ab314a3
0020:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f675ab314a3
0020:Call ntdll.RtlAllocateHeap(00030000,00000008,00000024) ret=7f675ab20cd7
0020:Ret  ntdll.RtlAllocateHeap() retval=000478e0 ret=7f675ab20cd7
0020:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0046efc0,000478e0,00000024,00000000,00000000) ret=7f675ab2a5f6
0020:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
0020:Call ntdll.RtlFreeHeap(00030000,00000000,000478e0) ret=7f675ab20d3f
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047090) ret=7f675ab22fef
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22fef
001e:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0020:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0046f040,ffffffff00000010,00000000,00000000) ret=7f675ab2a777
001e:Call KERNEL32.CloseHandle(0000014c) ret=7fe363e9e6ff
001e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
001e:Ret  ntdll.RtlAllocateHeap() retval=00047550 ret=7fe363e95f4b
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00047560,00000008,00000000,00000000) ret=7fe363e9e777
0020:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
0020:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=000473e0 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,000473e0,0000000c,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,000473e0) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
001e:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363e992d1
001e:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00045900,00000010) ret=7fe363e9931b
001e:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
001e:Ret  ntdll.RtlAllocateHeap() retval=00046880 ret=7fe363e99242
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0013:Call rpcrt4.NdrServerInitializeNew(00047200,006af620,7fe36475ed20) ret=7fe36474ca88
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474ca88
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
0013:Call rpcrt4.NdrPointerUnmarshall(006af620,006af7b8,7fe3647587ec,00000000) ret=7fe36474cb7c
0013:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb7c
0013:Call rpcrt4.NdrPointerUnmarshall(006af620,006af7c0,7fe364758cd0,00000000) ret=7fe36474cb95
0013:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb95
0013:Call rpcrt4.NdrContextHandleInitialize(006af620,7fe3647587f4) ret=7fe36474cbfd
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0013:Ret  ntdll.RtlAllocateHeap() retval=00046db0 ret=7fe363e8afef
0013:Call ntdll.RtlInitializeResource(00046de8) ret=7fe363e8b007
0013:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0013:Call ntdll.RtlAcquireResourceExclusive(00046de8,00000001) ret=7fe363e8b01e
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrContextHandleInitialize() retval=00046db0 ret=7fe36474cbfd
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe36473ec5f
0013:Ret  ntdll.RtlAllocateHeap() retval=00046ea0 ret=7fe36473ec5f
0013:Call ntdll.RtlMapGenericMask(00046ea4,7fe364757840) ret=7fe36473ec92
0013:Ret  ntdll.RtlMapGenericMask() retval=00000001 ret=7fe36473ec92
0013:Call rpcrt4.I_RpcGetBuffer(00047200) ret=7fe36474cc4c
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=00046ee0 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474cc4c
0013:Call rpcrt4.NdrServerContextNewMarshall(006af620,00046db0,7fe36474416c,7fe3647587f4) ret=7fe36474cc83
0013:Call advapi32.SystemFunction036(00046dd8,00000010) ret=7fe363ea5e90
0013:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363ea8141
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0013:Call ntdll.RtlReleaseResource(00046de8) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474cc83
0013:Call rpcrt4.NdrPointerFree(006af620,00000000,7fe3647587ec) ret=7fe36474a76b
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a76b
0013:Call rpcrt4.NdrPointerFree(006af620,00000000,7fe364758cd0) ret=7fe36474a781
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a781
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=00046f20 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(000000f0,00000154,00000000,00000000,006af750,00046f20,00000030,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046f20) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046ee0) ret=7fe363ea70d9
0020:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047550) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047200) ret=7fe363e9966b
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0020:Ret  ntdll.RtlAllocateHeap() retval=000478e0 ret=7f675ab21f4b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0020:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,000478f0,00000008,00000000,00000000) ret=7f675ab2a777
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363e996a1
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0020:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab22011
0020:Ret  ntdll.RtlAllocateHeap() retval=00047090 ret=7f675ab22011
0020:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047090,00000018,00000000,00000000) ret=7f675ab2a777
0020:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab330b4
0020:Ret  ntdll.RtlAllocateHeap() retval=00047920 ret=7f675ab330b4
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab221df
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab221df
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047090) ret=7f675ab22199
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
0020:Call ntdll.RtlFreeHeap(00030000,00000000,000478e0) ret=7f675ab23336
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab23336
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047250) ret=7f675ab330d9
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
0020:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f675ac30384
0020:Call rpcrt4.NdrClientContextUnmarshall(0046f640,0046fa30,00047790) ret=7f675ac303cb
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f675aaf5958
0020:Ret  ntdll.RtlAllocateHeap() retval=00047250 ret=7f675aaf5958
0020:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f675ab1a4e8
0020:Ret  ntdll.RtlAllocateHeap() retval=00047960 ret=7f675ab1a4e8
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f675ab17afb
0020:Ret  ntdll.RtlAllocateHeap() retval=00047090 ret=7f675ab17afb
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f675ab17afb
0020:Ret  ntdll.RtlAllocateHeap() retval=000478e0 ret=7f675ab17afb
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f675ab17afb
0020:Ret  ntdll.RtlAllocateHeap() retval=000479f0 ret=7f675ab17afb
0020:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f675ac303cb
0020:Call rpcrt4.NdrFreeBuffer(0046f640) ret=7f675ac2cb51
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047920) ret=7f675ab330d9
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
0020:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f675ac2cb51
0020:Call rpcrt4.RpcBindingFree(0046f3e0) ret=7f675ac24083
0020:Call ntdll.RtlFreeHeap(00030000,00000000,000478a0) ret=7f675ab1aefd
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1aefd
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047860) ret=7f675ab1af15
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af15
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047820) ret=7f675ab1af2d
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af2d
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1af45
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af45
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1af5d
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af5d
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047790) ret=7f675ab1af90
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af90
0020:Ret  rpcrt4.RpcBindingFree() retval=00000000 ret=7f675ac24083
0020:Ret  advapi32.OpenSCManagerW() retval=00047250 ret=7f675cac8b40
0020:Call advapi32.RegisterServiceCtrlHandlerExW(7f675cac9330 L"winedevice",7f675cac8d0c,00047058) ret=7f675cac8b66
0020:Ret  advapi32.RegisterServiceCtrlHandlerExW() retval=000466f0 ret=7f675cac8b66
0020:Call advapi32.SetServiceStatus(000466f0,0046fba0) ret=7f675cac8bbc
0020:Call rpcrt4.NdrClientInitializeNew(0046f550,0046f690,7f675ac58d00,00000007) ret=7f675ac2e468
0020:Ret  rpcrt4.NdrClientInitializeNew() retval=7f675ac23c2f ret=7f675ac2e468
0020:Call rpcrt4.NDRCContextBinding(000466f0) ret=7f675ac2e479
0020:Ret  rpcrt4.NDRCContextBinding() retval=00046d80 ret=7f675ac2e479
0020:Call rpcrt4.NdrGetBuffer(0046f690,00000038,00046d80) ret=7f675ac2e49c
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f675ab330b4
0020:Ret  ntdll.RtlAllocateHeap() retval=00047790 ret=7f675ab330b4
0020:Ret  rpcrt4.NdrGetBuffer() retval=00047790 ret=7f675ac2e49c
0020:Call rpcrt4.NdrClientContextMarshall(0046f690,000466f0,00000000) ret=7f675ac2e4aa
0020:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f675ac2e4aa
0020:Call rpcrt4.NdrSimpleStructMarshall(0046f690,0046fba0,7f675ac42c44) ret=7f675ac2e4bc
0020:Ret  rpcrt4.NdrSimpleStructMarshall() retval=00000000 ret=7f675ac2e4bc
0020:Call rpcrt4.NdrSendReceive(0046f690,000477c0) ret=7f675ac2e4cc
0020:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f675ab22f33
0020:Ret  ntdll.RtlAllocateHeap() retval=00047920 ret=7f675ab22f33
0020:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7f675ab20cd7
0020:Ret  ntdll.RtlAllocateHeap() retval=000477e0 ret=7f675ab20cd7
0020:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0046f010,000477e0,00000048,00000000,00000000) ret=7f675ab2a5f6
0020:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
0020:Call ntdll.RtlFreeHeap(00030000,00000000,000477e0) ret=7f675ab20d3f
001e:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
001e:Call KERNEL32.CloseHandle(00000154) ret=7fe363e9e6ff
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047920) ret=7f675ab22fef
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22fef
001e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
0020:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0046f090,ffffffff00000010,00000000,00000000) ret=7f675ab2a777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
001e:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363e95f4b
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00046e70,00000008,00000000,00000000) ret=7fe363e9e777
0020:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
0020:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,000470a0,00000030,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
001e:Ret  ntdll.RtlAllocateHeap() retval=000473e0 ret=7fe363e992d1
001e:Call KERNEL32.QueueUserWorkItem(7fe363e99597,000473e0,00000010) ret=7fe363e9931b
001e:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0012:Call rpcrt4.NdrServerInitializeNew(00046880,0059f630,7fe36475ed20) ret=7fe36474c404
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474c404
001e:Ret  ntdll.RtlAllocateHeap() retval=00047200 ret=7fe363e99242
0012:Call rpcrt4.NdrServerContextNewUnmarshall(0059f630,7fe364758720) ret=7fe36474c4e1
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0012:Call ntdll.RtlAcquireResourceExclusive(00047328,00000001) ret=7fe363e8b140
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=000472f0 ret=7fe36474c4e1
0012:Call rpcrt4.NdrSimpleStructUnmarshall(0059f630,0059f7d0,7fe364758724,00000000) ret=7fe36474c502
0012:Ret  rpcrt4.NdrSimpleStructUnmarshall() retval=00000000 ret=7fe36474c502
0012:Call KERNEL32.SetEvent(00000118) ret=7fe36473fc9e
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
0012:Ret  KERNEL32.SetEvent() retval=00000001 ret=7fe36473fc9e
000d:Ret  KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7fe3647464eb
0012:Call rpcrt4.I_RpcGetBuffer(00046880) ret=7fe36474c56d
000d:Call KERNEL32.ReleaseMutex(0000011c) ret=7fe364746453
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000008) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=00046ee0 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474c56d
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363ea81aa
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
000d:Ret  KERNEL32.ReleaseMutex() retval=00000001 ret=7fe364746453
0012:Call ntdll.RtlReleaseResource(00047328) ret=7fe363e8b409
000d:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe3647460cb
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe3647460cb
000d:Call KERNEL32.ResetEvent(00000068) ret=7fe364745c38
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,0000001c) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363e94cd7
000d:Ret  KERNEL32.ResetEvent() retval=00000001 ret=7fe364745c38
000d:Call KERNEL32.WaitForSingleObject(0000011c,00007530) ret=7fe364745c73
000d:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe364745c73
000d:Call KERNEL32.ConnectNamedPipe(00000124,0024faf0) ret=7fe36474624a
0012:Call ntdll.NtWriteFile(000000f0,00000154,00000000,00000000,0059f750,000457d0,0000001c,00000000,00000000) ret=7fe363e9e5f6
000d:Ret  KERNEL32.ConnectNamedPipe() retval=00000000 ret=7fe36474624a
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7fe364746307
000d:Ret  ntdll.RtlAllocateHeap() retval=00046f20 ret=7fe364746307
000d:Call ntdll.RtlAllocateHeap(00030000,00000000,00000022) ret=7fe36474071f
000d:Ret  ntdll.RtlAllocateHeap() retval=00047610 ret=7fe36474071f
000d:Call KERNEL32.WriteFile(00000124,00047610,00000022,0024fa3c,0024fa40) ret=7fe3647407b9
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
000d:Ret  KERNEL32.WriteFile() retval=00000001 ret=7fe3647407b9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
000d:Call KERNEL32.ReadFile(00000124,0024fae4,00000004,0024fa3c,0024fa40) ret=7fe36474092c
0020:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046ee0) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363e9448f
0020:Ret  ntdll.RtlAllocateHeap() retval=000477e0 ret=7f675ab21f4b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046880) ret=7fe363e9966b
0020:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,000477f0,00000008,00000000,00000000) ret=7f675ab2a777
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
000d:Ret  KERNEL32.ReadFile() retval=00000000 ret=7fe36474092c
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000473e0) ret=7fe363e996a1
000d:Call KERNEL32.WaitForSingleObject(00000120,00002710) ret=7fe364740a04
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
0020:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7f675ab22011
0020:Ret  ntdll.RtlAllocateHeap() retval=00047820 ret=7f675ab22011
0020:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047820,00000004,00000000,00000000) ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000078) ret=7f675cac8eff
0020:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
001f:Ret  ntdll.RtlAllocateHeap() retval=00047a30 ret=7f675cac8eff
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7f675ab330b4
0020:Ret  ntdll.RtlAllocateHeap() retval=00046ef0 ret=7f675ab330b4
001f:Call ntoskrnl.exe.RtlInitUnicodeString(0034fb20,00047a30 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\WineBus") ret=7f675cac8f70
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab221df
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab221df
001f:Call ntdll.RtlInitUnicodeString(0034fb20,00047a30 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\WineBus") ret=7bca105f
001f:Ret  ntdll.RtlInitUnicodeString() retval=00000076 ret=7bca105f
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047820) ret=7f675ab22199
001f:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=00000076 ret=7f675cac8f70
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
001f:Call ntoskrnl.exe.ZwLoadDriver(0034fb20) ret=7f675cac8fa5
0020:Call ntdll.RtlFreeHeap(00030000,00000000,000477e0) ret=7f675ab23336
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab23336
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000078) ret=7f675ab9be0f
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00047790) ret=7f675ab330d9
001f:Ret  ntdll.RtlAllocateHeap() retval=000477e0 ret=7f675ab9be0f
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
0020:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f675ac2e4cc
001f:Call advapi32.OpenSCManagerW(00000000,00000000,00000001) ret=7f675ab9bef1
0020:Call rpcrt4.NdrFreeBuffer(0046f690) ret=7f675ac2e565
001f:Call rpcrt4.NdrClientInitializeNew(0034f2b0,0034f3f0,7f675ac58d00,0000000f) ret=7f675ac302a4
001f:Ret  rpcrt4.NdrClientInitializeNew() retval=7f675ac23c2f ret=7f675ac302a4
001f:Call rpcrt4.RpcStringBindingComposeW(00000000,0034f160 L"ncacn_np",00000000,0034f180 L"\\pipe\\svcctl",00000000,0034f150) ret=7f675ac2325f
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000058) ret=7f675ab18c0c
001f:Ret  ntdll.RtlAllocateHeap() retval=00047870 ret=7f675ab18c0c
001f:Ret  rpcrt4.RpcStringBindingComposeW() retval=00000000 ret=7f675ac2325f
0020:Call ntdll.RtlFreeHeap(00030000,00000000,00046ef0) ret=7f675ab330d9
0020:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Call rpcrt4.RpcBindingFromStringBindingW(00047870 L"ncacn_np:[\\\\pipe\\\\svcctl]",0034f158) ret=7f675ac232c0
0020:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f675ac2e565
0020:Ret  advapi32.SetServiceStatus() retval=00000001 ret=7f675cac8bbc
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000012) ret=7f675ab179c5
001f:Ret  ntdll.RtlAllocateHeap() retval=00046ef0 ret=7f675ab179c5
0020:Call ntoskrnl.exe.wine_ntoskrnl_main_loop(00000044) ret=7f675cac8bc8
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000002) ret=7f675ab179c5
001f:Ret  ntdll.RtlAllocateHeap() retval=00047790 ret=7f675ab179c5
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001e) ret=7f675ab179c5
001f:Ret  ntdll.RtlAllocateHeap() retval=00047ac0 ret=7f675ab179c5
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f675ab17908
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b00 ret=7f675ab17908
001f:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00046ef0 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000) ret=7f675ab17b63
001f:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f675ab17b63
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f675ab17b7d
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b90 ret=7f675ab17b7d
001f:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00046ef0 L"ncacn_np",ffffffff,00047b90,00000009,00000000,00000000) ret=7f675ab17bae
001f:Ret  KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f675ab17bae
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1b8a2
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1b8a2
001f:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047790 L"",ffffffff,00000000,00000000,00000000,00000000) ret=7f675ab17b63
001f:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f675ab17b63
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f675ab17b7d
001f:Ret  ntdll.RtlAllocateHeap() retval=00047bd0 ret=7f675ab17b7d
001f:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047790 L"",ffffffff,00047bd0,00000001,00000000,00000000) ret=7f675ab17bae
001f:Ret  KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f675ab17bae
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1b8d2
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1b8d2
001f:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047ac0 L"\\pipe\\svcctl",ffffffff,00000000,00000000,00000000,00000000) ret=7f675ab17b63
001f:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f675ab17b63
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f675ab17b7d
001f:Ret  ntdll.RtlAllocateHeap() retval=00047c10 ret=7f675ab17b7d
001f:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00047ac0 L"\\pipe\\svcctl",ffffffff,00047c10,0000000d,00000000,00000000) ret=7f675ab17bae
001f:Ret  KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f675ab17bae
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1b8fd
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1b8fd
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab31723
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047ac0) ret=7f675ab31723
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047790) ret=7f675ab31723
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046ef0) ret=7f675ab31723
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab31723
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
001f:Ret  rpcrt4.RpcBindingFromStringBindingW() retval=00000000 ret=7f675ac232c0
001f:Call rpcrt4.RpcStringFreeW(0034f150) ret=7f675ac232ca
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047870) ret=7f675ab31723
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab31723
001f:Ret  rpcrt4.RpcStringFreeW() retval=00000000 ret=7f675ac232ca
001f:Call rpcrt4.NdrPointerBufferSize(0034f3f0,00000000,7f675ac42d0c) ret=7f675ac302d1
001f:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f675ac302d1
001f:Call rpcrt4.NdrPointerBufferSize(0034f3f0,00000000,7f675ac431f0) ret=7f675ac302e3
001f:Ret  rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f675ac302e3
001f:Call rpcrt4.NdrGetBuffer(0034f3f0,00000010,00047b00) ret=7f675ac302fa
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00047ac0 ret=7f675ab330b4
001f:Ret  rpcrt4.NdrGetBuffer() retval=00047ac0 ret=7f675ac302fa
001f:Call rpcrt4.NdrPointerMarshall(0034f3f0,00000000,7f675ac42d0c) ret=7f675ac3030c
001f:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f675ac3030c
001f:Call rpcrt4.NdrPointerMarshall(0034f3f0,00000000,7f675ac431f0) ret=7f675ac3031e
001f:Ret  rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f675ac3031e
001f:Call rpcrt4.NdrSendReceive(0034f3f0,00047acc) ret=7f675ac30384
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f675ab22f33
001f:Ret  ntdll.RtlAllocateHeap() retval=00046ef0 ret=7f675ab22f33
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000024) ret=7f675ab20cd7
001f:Ret  ntdll.RtlAllocateHeap() retval=00047790 ret=7f675ab20cd7
001f:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034ed70,00047790,00000024,00000000,00000000) ret=7f675ab2a5f6
0020:Call ntdll.RtlAllocateHeap(00030000,00000000,00001000) ret=7f675ab92cc8
0020:Ret  ntdll.RtlAllocateHeap() retval=00047c50 ret=7f675ab92cc8
001f:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
001e:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
001e:Call KERNEL32.CloseHandle(00000154) ret=7fe363e9e6ff
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047790) ret=7f675ab20d3f
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046ef0) ret=7f675ab22fef
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22fef
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034edf0,7374756f00000010,00000000,00000000) ret=7f675ab2a777
0020:Call KERNEL32.WaitForMultipleObjectsEx(00000002,0046f950,00000000,ffffffff,00000001) ret=7f675ab92d63
001e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
001f:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
001e:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363e95f4b
001f:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,000457e0,00000008,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,000470a0,0000000c,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000c) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=00046ee0 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
001e:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363e992d1
001e:Call KERNEL32.QueueUserWorkItem(7fe363e99597,00046e60,00000010) ret=7fe363e9931b
001e:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0013:Call rpcrt4.NdrServerInitializeNew(00047200,006af620,7fe36475ed20) ret=7fe36474ca88
001e:Ret  ntdll.RtlAllocateHeap() retval=00046880 ret=7fe363e99242
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474ca88
0013:Call rpcrt4.NdrPointerUnmarshall(006af620,006af7b8,7fe3647587ec,00000000) ret=7fe36474cb7c
0013:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb7c
0013:Call rpcrt4.NdrPointerUnmarshall(006af620,006af7c0,7fe364758cd0,00000000) ret=7fe36474cb95
0013:Ret  rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7fe36474cb95
0013:Call rpcrt4.NdrContextHandleInitialize(006af620,7fe3647587f4) ret=7fe36474cbfd
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0013:Ret  ntdll.RtlAllocateHeap() retval=00047650 ret=7fe363e8afef
0013:Call ntdll.RtlInitializeResource(00047688) ret=7fe363e8b007
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
0013:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0013:Call ntdll.RtlAcquireResourceExclusive(00047688,00000001) ret=7fe363e8b01e
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrContextHandleInitialize() retval=00047650 ret=7fe36474cbfd
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe36473ec5f
0013:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe36473ec5f
0013:Call ntdll.RtlMapGenericMask(000470a4,7fe364757840) ret=7fe36473ec92
0013:Ret  ntdll.RtlMapGenericMask() retval=00000001 ret=7fe36473ec92
0013:Call rpcrt4.I_RpcGetBuffer(00047200) ret=7fe36474cc4c
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=00047700 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474cc4c
0013:Call rpcrt4.NdrServerContextNewMarshall(006af620,00047650,7fe36474416c,7fe3647587f4) ret=7fe36474cc83
0013:Call advapi32.SystemFunction036(00047678,00000010) ret=7fe363ea5e90
0013:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363ea8141
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0013:Call ntdll.RtlReleaseResource(00047688) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474cc83
0013:Call rpcrt4.NdrPointerFree(006af620,00000000,7fe3647587ec) ret=7fe36474a76b
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a76b
0013:Call rpcrt4.NdrPointerFree(006af620,00000000,7fe364758cd0) ret=7fe36474a781
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474a781
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=00047740 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(000000f0,0000015c,00000000,00000000,006af750,00047740,00000030,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047740) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046ee0) ret=7fe363ea70d9
001f:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047700) ret=7fe363ea70d9
001f:Ret  ntdll.RtlAllocateHeap() retval=00047790 ret=7f675ab21f4b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,000477a0,00000008,00000000,00000000) ret=7f675ab2a777
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047200) ret=7fe363e9966b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363e996a1
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001f:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab22011
001f:Ret  ntdll.RtlAllocateHeap() retval=00046ef0 ret=7f675ab22011
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046ef0,00000018,00000000,00000000) ret=7f675ab2a777
001f:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00047870 ret=7f675ab330b4
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab221df
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab221df
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046ef0) ret=7f675ab22199
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047790) ret=7f675ab23336
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab23336
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047ac0) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f675ac30384
001f:Call rpcrt4.NdrClientContextUnmarshall(0034f3f0,0034f7e0,00047b00) ret=7f675ac303cb
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f675aaf5958
001f:Ret  ntdll.RtlAllocateHeap() retval=00047790 ret=7f675aaf5958
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f675ab1a4e8
001f:Ret  ntdll.RtlAllocateHeap() retval=00048c60 ret=7f675ab1a4e8
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f675ab17afb
001f:Ret  ntdll.RtlAllocateHeap() retval=00046ef0 ret=7f675ab17afb
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f675ab17afb
001f:Ret  ntdll.RtlAllocateHeap() retval=00047ac0 ret=7f675ab17afb
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f675ab17afb
001f:Ret  ntdll.RtlAllocateHeap() retval=00048cf0 ret=7f675ab17afb
001f:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f675ac303cb
001f:Call rpcrt4.NdrFreeBuffer(0034f3f0) ret=7f675ac2cb51
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047870) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f675ac2cb51
001f:Call rpcrt4.RpcBindingFree(0034f190) ret=7f675ac24083
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047c10) ret=7f675ab1aefd
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1aefd
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047bd0) ret=7f675ab1af15
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af15
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b90) ret=7f675ab1af2d
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af2d
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1af45
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af45
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1af5d
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af5d
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b00) ret=7f675ab1af90
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af90
001f:Ret  rpcrt4.RpcBindingFree() retval=00000000 ret=7f675ac24083
001f:Ret  advapi32.OpenSCManagerW() retval=00047790 ret=7f675ab9bef1
001f:Call advapi32.OpenServiceW(00047790,00047848 L"WineBus",00008001) ret=7f675ab9bf39
001f:Call rpcrt4.NdrClientInitializeNew(0034f2c0,0034f400,7f675ac58d00,00000010) ret=7f675ac305d7
001f:Ret  rpcrt4.NdrClientInitializeNew() retval=7f675ac23c2f ret=7f675ac305d7
001f:Call rpcrt4.NDRCContextBinding(00047790) ret=7f675ac305e8
001f:Ret  rpcrt4.NDRCContextBinding() retval=00048c60 ret=7f675ac305e8
001f:Call rpcrt4.NdrConformantStringBufferSize(0034f400,00047848,7f675ac42d22) ret=7f675ac3060d
001f:Ret  rpcrt4.NdrConformantStringBufferSize() retval=0000003c ret=7f675ac3060d
001f:Call rpcrt4.NdrGetBuffer(0034f400,0000003c,00048c60) ret=7f675ac30624
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,0000003c) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00047870 ret=7f675ab330b4
001f:Ret  rpcrt4.NdrGetBuffer() retval=00047870 ret=7f675ac30624
001f:Call rpcrt4.NdrClientContextMarshall(0034f400,00047790,00000000) ret=7f675ac30632
001f:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f675ac30632
001f:Call rpcrt4.NdrConformantStringMarshall(0034f400,00047848,7f675ac42d22) ret=7f675ac30644
001f:Ret  rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7f675ac30644
001f:Call rpcrt4.NdrSendReceive(0034f400,000478a4) ret=7f675ac306aa
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f675ab22f33
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b00 ret=7f675ab22f33
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,0000004c) ret=7f675ab20cd7
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b40 ret=7f675ab20cd7
001f:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034ed80,00047b40,0000004c,00000000,00000000) ret=7f675ab2a5f6
001f:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b40) ret=7f675ab20d3f
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b00) ret=7f675ab22fef
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22fef
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034ee00,7374756f00000010,00000000,00000000) ret=7f675ab2a777
001e:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
001f:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
001e:Call KERNEL32.CloseHandle(0000015c) ret=7fe363e9e6ff
001f:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
001e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
001e:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363e95f4b
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00045910,00000008,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000034) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=00047120 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00047120,00000034,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000034) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=00047170 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00047120) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
001e:Ret  ntdll.RtlAllocateHeap() retval=000457d0 ret=7fe363e992d1
001e:Call KERNEL32.QueueUserWorkItem(7fe363e99597,000457d0,00000010) ret=7fe363e9931b
001e:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
001e:Ret  ntdll.RtlAllocateHeap() retval=000471c0 ret=7fe363e99242
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0012:Call rpcrt4.NdrServerInitializeNew(00046880,0059f620,7fe36475ed20) ret=7fe36474fce2
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474fce2
0012:Call rpcrt4.NdrServerContextNewUnmarshall(0059f620,7fe3647587fc) ret=7fe36474fdcb
0012:Call ntdll.RtlAcquireResourceExclusive(00047688,00000001) ret=7fe363e8b140
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=00046990 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00047650 ret=7fe36474fdcb
0012:Call rpcrt4.NdrConformantStringUnmarshall(0059f620,0059f7c0,7fe364758802,00000000) ret=7fe36474fdec
0012:Ret  rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7fe36474fdec
0012:Call rpcrt4.NdrContextHandleInitialize(0059f620,7fe364758804) ret=7fe36474fe54
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,000000a0) ret=7fe363e8afef
0012:Ret  ntdll.RtlAllocateHeap() retval=000477e0 ret=7fe363e8afef
0012:Call ntdll.RtlInitializeResource(00047818) ret=7fe363e8b007
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
0012:Ret  ntdll.RtlInitializeResource() retval=00000000 ret=7fe363e8b007
0012:Call ntdll.RtlAcquireResourceExclusive(00047818,00000001) ret=7fe363e8b01e
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b01e
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=00047120 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrContextHandleInitialize() retval=000477e0 ret=7fe36474fe54
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe36473debd
0012:Ret  ntdll.RtlAllocateHeap() retval=00047220 ret=7fe36473debd
0012:Call ntdll.RtlMapGenericMask(00047224,7fe364757830) ret=7fe36473defb
0012:Ret  ntdll.RtlMapGenericMask() retval=00008001 ret=7fe36473defb
0012:Call rpcrt4.I_RpcGetBuffer(00046880) ret=7fe36474fea7
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=00047890 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474fea7
0012:Call rpcrt4.NdrServerContextNewMarshall(0059f620,000477e0,7fe36474416c,7fe364758804) ret=7fe36474fede
0012:Call advapi32.SystemFunction036(00047808,00000010) ret=7fe363ea5e90
0012:Ret  advapi32.SystemFunction036() retval=00000001 ret=7fe363ea5e90
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00047120) ret=7fe363ea8141
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0012:Call ntdll.RtlReleaseResource(00047818) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7fe36474fede
0012:Call rpcrt4.NdrPointerFree(0059f620,00047190,7fe364758800) ret=7fe36474ff62
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe36474ff62
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046990) ret=7fe363ea81aa
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0012:Call ntdll.RtlReleaseResource(00047688) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=00046990 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=00047120 ret=7fe363e94cd7
0012:Call ntdll.NtWriteFile(000000f0,00000164,00000000,00000000,0059f750,00047120,00000030,00000000,00000000) ret=7fe363e9e5f6
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00047120) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046990) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00047170) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00047890) ret=7fe363ea70d9
001f:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363e9448f
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b40 ret=7f675ab21f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046880) ret=7fe363e9966b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047b50,00000008,00000000,00000000) ret=7f675ab2a777
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000457d0) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001f:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab22011
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b00 ret=7f675ab22011
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047b00,00000018,00000000,00000000) ret=7f675ab2a777
001f:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b80 ret=7f675ab330b4
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab221df
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab221df
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b00) ret=7f675ab22199
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b40) ret=7f675ab23336
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab23336
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047870) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f675ac306aa
001f:Call rpcrt4.NdrClientContextUnmarshall(0034f400,0034f7e0,00048c60) ret=7f675ac306f0
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f675aaf5958
001f:Ret  ntdll.RtlAllocateHeap() retval=00047870 ret=7f675aaf5958
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000080) ret=7f675ab1a4e8
001f:Ret  ntdll.RtlAllocateHeap() retval=00047bc0 ret=7f675ab1a4e8
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000009) ret=7f675ab17afb
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b00 ret=7f675ab17afb
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000001) ret=7f675ab17afb
001f:Ret  ntdll.RtlAllocateHeap() retval=00048d30 ret=7f675ab17afb
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,0000000d) ret=7f675ab17afb
001f:Ret  ntdll.RtlAllocateHeap() retval=00048d70 ret=7f675ab17afb
001f:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f675ac306f0
001f:Call rpcrt4.NdrFreeBuffer(0034f400) ret=7f675ac30753
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b80) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f675ac30753
001f:Ret  advapi32.OpenServiceW() retval=00047870 ret=7f675ab9bf39
001f:Call ntdll.RtlFreeHeap(00030000,00000000,000477e0) ret=7f675ab9bf53
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab9bf53
001f:Call advapi32.CloseServiceHandle(00047790) ret=7f675ab9bf5b
001f:Call rpcrt4.NdrClientInitializeNew(0034f310,0034f450,7f675ac58d00,00000000) ret=7f675ac2d04f
001f:Ret  rpcrt4.NdrClientInitializeNew() retval=7f675ac23c2f ret=7f675ac2d04f
001f:Call rpcrt4.NDRCContextBinding(00047790) ret=7f675ac2d060
001f:Ret  rpcrt4.NDRCContextBinding() retval=00048c60 ret=7f675ac2d060
001f:Call rpcrt4.NdrGetBuffer(0034f450,00000018,00048c60) ret=7f675ac2d08a
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b80 ret=7f675ab330b4
001f:Ret  rpcrt4.NdrGetBuffer() retval=00047b80 ret=7f675ac2d08a
001f:Call rpcrt4.NdrClientContextMarshall(0034f450,00047790,00000001) ret=7f675ac2d09b
001f:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f675ac2d09b
001f:Call rpcrt4.NdrSendReceive(0034f450,00047b94) ret=7f675ac2d0ab
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f675ab22f33
001f:Ret  ntdll.RtlAllocateHeap() retval=000477e0 ret=7f675ab22f33
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,0000002c) ret=7f675ab20cd7
001f:Ret  ntdll.RtlAllocateHeap() retval=00048db0 ret=7f675ab20cd7
001f:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034edd0,00048db0,0000002c,00000000,00000000) ret=7f675ab2a5f6
001f:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048db0) ret=7f675ab20d3f
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
001f:Call ntdll.RtlFreeHeap(00030000,00000000,000477e0) ret=7f675ab22fef
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22fef
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034ee50,7374756f00000010,00000000,00000000) ret=7f675ab2a777
001e:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
001f:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
001e:Call KERNEL32.CloseHandle(00000164) ret=7fe363e9e6ff
001f:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
001e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
001e:Ret  ntdll.RtlAllocateHeap() retval=00046990 ret=7fe363e95f4b
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,000469a0,00000008,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000014) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00045900,00000014,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000014) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
001e:Ret  ntdll.RtlAllocateHeap() retval=000473e0 ret=7fe363e992d1
001e:Call KERNEL32.QueueUserWorkItem(7fe363e99597,000473e0,00000010) ret=7fe363e9931b
001e:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
001e:Ret  ntdll.RtlAllocateHeap() retval=00046880 ret=7fe363e99242
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0013:Call rpcrt4.NdrServerInitializeNew(000471c0,006af640,7fe36475ed20) ret=7fe364746be9
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe364746be9
0013:Call rpcrt4.NdrServerContextNewUnmarshall(006af640,7fe3647586c4) ret=7fe364746cb2
0013:Call ntdll.RtlAcquireResourceExclusive(00047688,00000001) ret=7fe363e8b140
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
0013:Ret  ntdll.RtlAllocateHeap() retval=00047120 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=00047650 ret=7fe364746cb2
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe36473ea85
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36473ea85
0013:Call rpcrt4.I_RpcGetBuffer(000471c0) ret=7fe364746d15
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe364746d15
0013:Call rpcrt4.NdrServerContextNewMarshall(006af640,00047650,7fe36474416c,7fe3647586c4) ret=7fe364746d51
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047120) ret=7fe363ea8141
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea8141
0013:Call ntdll.RtlReleaseResource(00047688) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Call ntdll.RtlDeleteResource(00047688) ret=7fe363e8a075
0013:Ret  ntdll.RtlDeleteResource() retval=00000000 ret=7fe363e8a075
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047650) ret=7fe363e8a08c
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e8a08c
0013:Ret  rpcrt4.NdrServerContextNewMarshall() retval=00000000 ret=7fe364746d51
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=00047550 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=00047120 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(000000f0,00000154,00000000,00000000,006af750,00047120,00000030,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047120) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047550) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363ea70d9
001f:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046990) ret=7fe363e9448f
001f:Ret  ntdll.RtlAllocateHeap() retval=00048db0 ret=7f675ab21f4b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000471c0) ret=7fe363e9966b
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048dc0,00000008,00000000,00000000) ret=7f675ab2a777
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000473e0) ret=7fe363e996a1
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001f:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab22011
001f:Ret  ntdll.RtlAllocateHeap() retval=000477e0 ret=7f675ab22011
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,000477e0,00000018,00000000,00000000) ret=7f675ab2a777
001f:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00048df0 ret=7f675ab330b4
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab221df
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab221df
001f:Call ntdll.RtlFreeHeap(00030000,00000000,000477e0) ret=7f675ab22199
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048db0) ret=7f675ab23336
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab23336
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b80) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f675ac2d0ab
001f:Call rpcrt4.NdrClientContextUnmarshall(0034f450,0034f6e8,00048c60) ret=7f675ac2d0f5
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047790) ret=7f675aaf5937
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675aaf5937
001f:Ret  rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f675ac2d0f5
001f:Call rpcrt4.NdrFreeBuffer(0034f450) ret=7f675ac2d158
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048cf0) ret=7f675ab1aefd
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1aefd
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047ac0) ret=7f675ab1af15
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af15
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046ef0) ret=7f675ab1af2d
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af2d
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1af45
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af45
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab1af5d
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af5d
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048c60) ret=7f675ab1af90
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab1af90
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048df0) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f675ac2d158
001f:Ret  advapi32.CloseServiceHandle() retval=00000001 ret=7f675ab9bf5b
001f:Call advapi32.QueryServiceConfigW(00047870,00000000,00000000,0034f960) ret=7f675ab9bf7e
001f:Call rpcrt4.NdrClientInitializeNew(0034f290,0034f3d0,7f675ac58d00,00000011) ret=7f675ac30916
001f:Ret  rpcrt4.NdrClientInitializeNew() retval=7f675ac23c2f ret=7f675ac30916
001f:Call rpcrt4.NDRCContextBinding(00047870) ret=7f675ac30927
001f:Ret  rpcrt4.NDRCContextBinding() retval=00047bc0 ret=7f675ac30927
001f:Call rpcrt4.NdrGetBuffer(0034f3d0,00000020,00047bc0) ret=7f675ac3094a
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b80 ret=7f675ab330b4
001f:Ret  rpcrt4.NdrGetBuffer() retval=00047b80 ret=7f675ac3094a
001f:Call rpcrt4.NdrClientContextMarshall(0034f3d0,00047870,00000000) ret=7f675ac30958
001f:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f675ac30958
001f:Call rpcrt4.NdrSendReceive(0034f3d0,00047b98) ret=7f675ac309bd
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f675ab22f33
001f:Ret  ntdll.RtlAllocateHeap() retval=00047ac0 ret=7f675ab22f33
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7f675ab20cd7
001f:Ret  ntdll.RtlAllocateHeap() retval=00046ef0 ret=7f675ab20cd7
001f:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034ed40,00046ef0,00000030,00000000,00000000) ret=7f675ab2a5f6
001f:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046ef0) ret=7f675ab20d3f
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047ac0) ret=7f675ab22fef
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22fef
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034edc0,7374756f00000010,00000000,00000000) ret=7f675ab2a777
001e:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
001e:Call KERNEL32.CloseHandle(00000154) ret=7fe363e9e6ff
001e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
001f:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
001f:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
001e:Ret  ntdll.RtlAllocateHeap() retval=00047550 ret=7fe363e95f4b
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00047560,00000008,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00046e60,00000018,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=00046990 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
001e:Ret  ntdll.RtlAllocateHeap() retval=000473e0 ret=7fe363e992d1
001e:Call KERNEL32.QueueUserWorkItem(7fe363e99597,000473e0,00000010) ret=7fe363e9931b
001e:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
001e:Ret  ntdll.RtlAllocateHeap() retval=00047650 ret=7fe363e99242
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0012:Call rpcrt4.NdrServerInitializeNew(00046880,0059f5f0,7fe36475ed20) ret=7fe36475182c
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36475182c
0012:Call rpcrt4.NdrServerContextNewUnmarshall(0059f5f0,7fe36475880c) ret=7fe36475190d
0012:Call ntdll.RtlAcquireResourceExclusive(00047818,00000001) ret=7fe363e8b140
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=000477e0 ret=7fe36475190d
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000050) ret=7fe364746667
0012:Ret  ntdll.RtlAllocateHeap() retval=000476b0 ret=7fe364746667
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746667
0012:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe364746667
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe364746667
0012:Ret  ntdll.RtlAllocateHeap() retval=00047710 ret=7fe364746667
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe364746667
0012:Ret  ntdll.RtlAllocateHeap() retval=00047750 ret=7fe364746667
0012:Call rpcrt4.NdrComplexStructBufferSize(0059f5f0,0059f790,7fe364758824) ret=7fe364751a02
0012:Ret  rpcrt4.NdrComplexStructBufferSize() retval=00000110 ret=7fe364751a02
0012:Call rpcrt4.I_RpcGetBuffer(00046880) ret=7fe364751a19
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000110) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=00047890 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe364751a19
0012:Call rpcrt4.NdrComplexStructMarshall(0059f5f0,0059f790,7fe364758824) ret=7fe364751a49
0012:Ret  rpcrt4.NdrComplexStructMarshall() retval=00000000 ret=7fe364751a49
0012:Call rpcrt4.NdrPointerFree(0059f5f0,0059f790,7fe36475884c) ret=7fe364751b25
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000476b0) ret=7fe36474424d
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe36474424d
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00047710) ret=7fe36474424d
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00047750) ret=7fe36474424d
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0012:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe364751b25
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363ea81aa
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0012:Call ntdll.RtlReleaseResource(00047818) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000120) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=000476b0 ret=7fe363e94cd7
0012:Call ntdll.NtWriteFile(000000f0,00000154,00000000,00000000,0059f750,000476b0,00000120,00000000,00000000) ret=7fe363e9e5f6
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000476b0) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046990) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00047890) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00047550) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046880) ret=7fe363e9966b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
001f:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
001f:Ret  ntdll.RtlAllocateHeap() retval=00047ac0 ret=7f675ab21f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000473e0) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047ad0,00000008,00000000,00000000) ret=7f675ab2a777
001f:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000108) ret=7f675ab22011
001f:Ret  ntdll.RtlAllocateHeap() retval=00048db0 ret=7f675ab22011
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048db0,00000108,00000000,00000000) ret=7f675ab2a777
001f:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000108) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00048ed0 ret=7f675ab330b4
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab221df
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab221df
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048db0) ret=7f675ab22199
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047ac0) ret=7f675ab23336
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab23336
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b80) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f675ac309bd
001f:Call rpcrt4.NdrComplexStructUnmarshall(0034f3d0,0034f288,7f675ac42d44,00000000) ret=7f675ac30a00
001f:Ret  rpcrt4.NdrComplexStructUnmarshall() retval=00000000 ret=7f675ac30a00
001f:Call rpcrt4.NdrFreeBuffer(0034f3d0) ret=7f675ac30a86
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048ed0) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f675ac30a86
001f:Ret  advapi32.QueryServiceConfigW() retval=00000000 ret=7f675ab9bf7e
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,000000ec) ret=7f675ab9bfa8
001f:Ret  ntdll.RtlAllocateHeap() retval=00048db0 ret=7f675ab9bfa8
001f:Call advapi32.QueryServiceConfigW(00047870,00048db0,000000ec,0034f960) ret=7f675ab9bfc9
001f:Call rpcrt4.NdrClientInitializeNew(0034f290,0034f3d0,7f675ac58d00,00000011) ret=7f675ac30916
001f:Ret  rpcrt4.NdrClientInitializeNew() retval=7f675ac23c2f ret=7f675ac30916
001f:Call rpcrt4.NDRCContextBinding(00047870) ret=7f675ac30927
001f:Ret  rpcrt4.NDRCContextBinding() retval=00047bc0 ret=7f675ac30927
001f:Call rpcrt4.NdrGetBuffer(0034f3d0,00000020,00047bc0) ret=7f675ac3094a
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00047ac0 ret=7f675ab330b4
001f:Ret  rpcrt4.NdrGetBuffer() retval=00047ac0 ret=7f675ac3094a
001f:Call rpcrt4.NdrClientContextMarshall(0034f3d0,00047870,00000000) ret=7f675ac30958
001f:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f675ac30958
001f:Call rpcrt4.NdrSendReceive(0034f3d0,00047ad8) ret=7f675ac309bd
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f675ab22f33
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b80 ret=7f675ab22f33
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7f675ab20cd7
001f:Ret  ntdll.RtlAllocateHeap() retval=00046ef0 ret=7f675ab20cd7
001f:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034ed40,00046ef0,00000030,00000000,00000000) ret=7f675ab2a5f6
001f:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046ef0) ret=7f675ab20d3f
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b80) ret=7f675ab22fef
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22fef
001e:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034edc0,7374756f00000010,00000000,00000000) ret=7f675ab2a777
001e:Call KERNEL32.CloseHandle(00000154) ret=7fe363e9e6ff
001e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
001e:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363e95f4b
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,000470b0,00000008,00000000,00000000) ret=7fe363e9e777
001f:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
001f:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00046e60,00000018,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=00047550 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
001e:Ret  ntdll.RtlAllocateHeap() retval=000473e0 ret=7fe363e992d1
001e:Call KERNEL32.QueueUserWorkItem(7fe363e99597,000473e0,00000010) ret=7fe363e9931b
001e:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
001e:Ret  ntdll.RtlAllocateHeap() retval=00046880 ret=7fe363e99242
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0013:Call rpcrt4.NdrServerInitializeNew(00047650,006af5f0,7fe36475ed20) ret=7fe36475182c
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36475182c
0013:Call rpcrt4.NdrServerContextNewUnmarshall(006af5f0,7fe36475880c) ret=7fe36475190d
0013:Call ntdll.RtlAcquireResourceExclusive(00047818,00000001) ret=7fe363e8b140
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=00046990 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=000477e0 ret=7fe36475190d
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000050) ret=7fe364746667
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0013:Ret  ntdll.RtlAllocateHeap() retval=000476b0 ret=7fe364746667
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,0000001a) ret=7fe364746667
0013:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe364746667
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe364746667
0013:Ret  ntdll.RtlAllocateHeap() retval=00047710 ret=7fe364746667
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe364746667
0013:Ret  ntdll.RtlAllocateHeap() retval=00047750 ret=7fe364746667
0013:Call rpcrt4.NdrComplexStructBufferSize(006af5f0,006af790,7fe364758824) ret=7fe364751a02
0013:Ret  rpcrt4.NdrComplexStructBufferSize() retval=00000110 ret=7fe364751a02
0013:Call rpcrt4.I_RpcGetBuffer(00047650) ret=7fe364751a19
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000110) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=00047890 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe364751a19
0013:Call rpcrt4.NdrComplexStructMarshall(006af5f0,006af790,7fe364758824) ret=7fe364751a49
0013:Ret  rpcrt4.NdrComplexStructMarshall() retval=00000000 ret=7fe364751a49
0013:Call rpcrt4.NdrPointerFree(006af5f0,006af790,7fe36475884c) ret=7fe364751b25
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000476b0) ret=7fe36474424d
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe36474424d
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047710) ret=7fe36474424d
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047750) ret=7fe36474424d
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36474424d
0013:Ret  rpcrt4.NdrPointerFree() retval=00000000 ret=7fe364751b25
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046990) ret=7fe363ea81aa
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0013:Call ntdll.RtlReleaseResource(00047818) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000120) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=000476b0 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(000000f0,00000154,00000000,00000000,006af750,000476b0,00000120,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000476b0) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047550) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047890) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363e9448f
001f:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047650) ret=7fe363e9966b
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b80 ret=7f675ab21f4b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047b90,00000008,00000000,00000000) ret=7f675ab2a777
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000473e0) ret=7fe363e996a1
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001f:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000108) ret=7f675ab22011
001f:Ret  ntdll.RtlAllocateHeap() retval=00048eb0 ret=7f675ab22011
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00048eb0,00000108,00000000,00000000) ret=7f675ab2a777
001f:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000108) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00048fd0 ret=7f675ab330b4
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab221df
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab221df
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048eb0) ret=7f675ab22199
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b80) ret=7f675ab23336
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab23336
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047ac0) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f675ac309bd
001f:Call rpcrt4.NdrComplexStructUnmarshall(0034f3d0,0034f288,7f675ac42d44,00000000) ret=7f675ac30a00
001f:Ret  rpcrt4.NdrComplexStructUnmarshall() retval=00000000 ret=7f675ac30a00
001f:Call rpcrt4.NdrFreeBuffer(0034f3d0) ret=7f675ac30a86
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048fd0) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f675ac30a86
001f:Ret  advapi32.QueryServiceConfigW() retval=00000001 ret=7f675ab9bfc9
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048db0) ret=7f675ab9c03a
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab9c03a
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000020) ret=7f675ab8fb69
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b80 ret=7f675ab8fb69
001f:Call ntdll.RtlInitUnicodeString(0034f950,00047b80 L"\\Driver\\WineBus") ret=7f675ab8fc65
001f:Ret  ntdll.RtlInitUnicodeString() retval=0000001e ret=7f675ab8fc65
001f:Call advapi32.SetServiceStatus(00047870,0034f960) ret=7f675ab9c1e3
001f:Call rpcrt4.NdrClientInitializeNew(0034f300,0034f440,7f675ac58d00,00000007) ret=7f675ac2e468
001f:Ret  rpcrt4.NdrClientInitializeNew() retval=7f675ac23c2f ret=7f675ac2e468
001f:Call rpcrt4.NDRCContextBinding(00047870) ret=7f675ac2e479
001f:Ret  rpcrt4.NDRCContextBinding() retval=00047bc0 ret=7f675ac2e479
001f:Call rpcrt4.NdrGetBuffer(0034f440,00000038,00047bc0) ret=7f675ac2e49c
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00048c60 ret=7f675ab330b4
001f:Ret  rpcrt4.NdrGetBuffer() retval=00048c60 ret=7f675ac2e49c
001f:Call rpcrt4.NdrClientContextMarshall(0034f440,00047870,00000000) ret=7f675ac2e4aa
001f:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f675ac2e4aa
001f:Call rpcrt4.NdrSimpleStructMarshall(0034f440,0034f960,7f675ac42c44) ret=7f675ac2e4bc
001f:Ret  rpcrt4.NdrSimpleStructMarshall() retval=00000000 ret=7f675ac2e4bc
001f:Call rpcrt4.NdrSendReceive(0034f440,00048c90) ret=7f675ac2e4cc
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f675ab22f33
001f:Ret  ntdll.RtlAllocateHeap() retval=00047ac0 ret=7f675ab22f33
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7f675ab20cd7
001f:Ret  ntdll.RtlAllocateHeap() retval=00048cb0 ret=7f675ab20cd7
001f:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034edc0,00048cb0,00000048,00000000,00000000) ret=7f675ab2a5f6
001f:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048cb0) ret=7f675ab20d3f
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047ac0) ret=7f675ab22fef
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22fef
001e:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
001e:Call KERNEL32.CloseHandle(00000154) ret=7fe363e9e6ff
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034ee40,7374756f00000010,00000000,00000000) ret=7f675ab2a777
001e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
001e:Ret  ntdll.RtlAllocateHeap() retval=00046990 ret=7fe363e95f4b
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,000469a0,00000008,00000000,00000000) ret=7fe363e9e777
001f:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
001f:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00046e60,00000030,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
001e:Ret  ntdll.RtlAllocateHeap() retval=000473e0 ret=7fe363e992d1
001e:Call KERNEL32.QueueUserWorkItem(7fe363e99597,000473e0,00000010) ret=7fe363e9931b
001e:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
0012:Call rpcrt4.NdrServerInitializeNew(00046880,0059f630,7fe36475ed20) ret=7fe36474c404
0012:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474c404
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
0012:Call rpcrt4.NdrServerContextNewUnmarshall(0059f630,7fe364758720) ret=7fe36474c4e1
0012:Call ntdll.RtlAcquireResourceExclusive(00047818,00000001) ret=7fe363e8b140
001e:Ret  ntdll.RtlAllocateHeap() retval=00047650 ret=7fe363e99242
0012:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0012:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363ea80b5
0012:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=000477e0 ret=7fe36474c4e1
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0012:Call rpcrt4.NdrSimpleStructUnmarshall(0059f630,0059f7d0,7fe364758724,00000000) ret=7fe36474c502
0012:Ret  rpcrt4.NdrSimpleStructUnmarshall() retval=00000000 ret=7fe36474c502
0012:Call KERNEL32.SetEvent(00000068) ret=7fe36473fc9e
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0012:Ret  KERNEL32.SetEvent() retval=00000001 ret=7fe36473fc9e
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
0012:Call rpcrt4.I_RpcGetBuffer(00046880) ret=7fe36474c56d
0012:Call ntdll.RtlAllocateHeap(00030000,00000000,00000008) ret=7fe363ea70b4
0012:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363ea70b4
0012:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474c56d
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363ea81aa
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0012:Call ntdll.RtlReleaseResource(00047818) ret=7fe363e8b409
0012:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0012:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363e93f0b
0012:Call ntdll.RtlAllocateHeap(00030000,00000008,0000001c) ret=7fe363e94cd7
0012:Ret  ntdll.RtlAllocateHeap() retval=000476b0 ret=7fe363e94cd7
0012:Call ntdll.NtWriteFile(000000f0,00000154,00000000,00000000,0059f750,000476b0,0000001c,00000000,00000000) ret=7fe363e9e5f6
0012:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000476b0) ret=7fe363e94d3f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363ea70d9
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
001f:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363ea70d9
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
001f:Ret  ntdll.RtlAllocateHeap() retval=00047ac0 ret=7f675ab21f4b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046990) ret=7fe363e9448f
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00046880) ret=7fe363e9966b
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047ad0,00000008,00000000,00000000) ret=7f675ab2a777
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0012:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0012:Call ntdll.RtlFreeHeap(00030000,00000000,000473e0) ret=7fe363e996a1
0012:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001f:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7f675ab22011
001f:Ret  ntdll.RtlAllocateHeap() retval=00046ef0 ret=7f675ab22011
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00046ef0,00000004,00000000,00000000) ret=7f675ab2a777
001f:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00048cb0 ret=7f675ab330b4
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab221df
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab221df
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00046ef0) ret=7f675ab22199
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047ac0) ret=7f675ab23336
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab23336
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048c60) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f675ac2e4cc
001f:Call rpcrt4.NdrFreeBuffer(0034f440) ret=7f675ac2e565
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00048cb0) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f675ac2e565
001f:Ret  advapi32.SetServiceStatus() retval=00000001 ret=7f675ab9c1e3
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,000001b0) ret=7f675ab90a67
001f:Ret  ntdll.RtlAllocateHeap() retval=00048db0 ret=7f675ab90a67
001f:Call ntdll.RtlDuplicateUnicodeString(00000001,0034f950,00048df8) ret=7f675ab91c2e
001f:Ret  ntdll.RtlDuplicateUnicodeString() retval=00000000 ret=7f675ab91c2e
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000078) ret=7f675ab91f2d
001f:Ret  ntdll.RtlAllocateHeap() retval=00048c60 ret=7f675ab91f2d
001f:Call ntdll.RtlInitUnicodeString(00048f28,00048c60 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\WineBus") ret=7f675ab91f8e
001f:Ret  ntdll.RtlInitUnicodeString() retval=00000076 ret=7f675ab91f8e
001f:Call advapi32.RegOpenKeyW(ffffffff80000002,00048c84 L"System\\CurrentControlSet\\Services\\WineBus",0034f488) ret=7f675ab9020e
001f:Ret  advapi32.RegOpenKeyW() retval=00000000 ret=7f675ab9020e
001f:Call advapi32.RegQueryValueExW(00000048,7f675aba8620 L"ImagePath",00000000,0034f480,00000000,0034f484) ret=7f675ab902bb
001f:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7f675ab902bb
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000050) ret=7f675ab902d8
001f:Ret  ntdll.RtlAllocateHeap() retval=00047790 ret=7f675ab902d8
001f:Call advapi32.RegQueryValueExW(00000048,7f675aba8620 L"ImagePath",00000000,0034f480,00047790,0034f484) ret=7f675ab902fc
001f:Ret  advapi32.RegQueryValueExW() retval=00000000 ret=7f675ab902fc
001f:Call KERNEL32.ExpandEnvironmentStringsW(00047790 L"C:\\windows\\system32\\drivers\\winebus.sys",00000000,00000000) ret=7f675ab90513
001f:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000028 ret=7f675ab90513
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000050) ret=7f675ab90531
001f:Ret  ntdll.RtlAllocateHeap() retval=000477f0 ret=7f675ab90531
001f:Call KERNEL32.ExpandEnvironmentStringsW(00047790 L"C:\\windows\\system32\\drivers\\winebus.sys",000477f0,00000028) ret=7f675ab90544
001f:Ret  KERNEL32.ExpandEnvironmentStringsW() retval=00000028 ret=7f675ab90544
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047790) ret=7f675ab9055b
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab9055b
001f:Call advapi32.RegCloseKey(00000048) ret=7f675ab904a3
001f:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f675ab904a3
001f:Call KERNEL32.LoadLibraryW(000477f0 L"C:\\windows\\system32\\drivers\\winebus.sys") ret=7f675ab8fe68
001f:Call PE DLL (proc=0x7f675a4b2fe2,module=0x7f675a410000 L"gdi32.dll",reason=PROCESS_ATTACH,res=(nil))
001f:Ret  PE DLL (proc=0x7f675a4b2fe2,module=0x7f675a410000 L"gdi32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
001f:Call PE DLL (proc=0x7f675b4ba721,module=0x7f675b4b0000 L"version.dll",reason=PROCESS_ATTACH,res=(nil))
001f:Call KERNEL32.DisableThreadLibraryCalls(7f675b4b0000) ret=7f675b4ba859
001f:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f675b4ba859
001f:Ret  PE DLL (proc=0x7f675b4ba721,module=0x7f675b4b0000 L"version.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
001f:Call PE DLL (proc=0x7f675a64d449,module=0x7f675a5a0000 L"user32.dll",reason=PROCESS_ATTACH,res=(nil))
001f:Call PE DLL (proc=0x7f675aaa6ce5,module=0x7f675aa90000 L"imm32.dll",reason=PROCESS_ATTACH,res=(nil))
001f:Call user32.User32InitializeImmEntryTable(19650412) ret=7f675aaa4858
001f:Ret  user32.User32InitializeImmEntryTable() retval=00000001 ret=7f675aaa4858
001f:Ret  PE DLL (proc=0x7f675aaa6ce5,module=0x7f675aa90000 L"imm32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
001f:Ret  PE DLL (proc=0x7f675a64d449,module=0x7f675a5a0000 L"user32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
001f:Call PE DLL (proc=0x7f675a81bab3,module=0x7f675a7e0000 L"setupapi.dll",reason=PROCESS_ATTACH,res=(nil))
001f:Call KERNEL32.DisableThreadLibraryCalls(7f675a7e0000) ret=7f675a81714f
001f:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f675a81714f
001f:Call KERNEL32.GetVersionExW(7f675a84b220) ret=7f675a817165
001f:Ret  KERNEL32.GetVersionExW() retval=00000001 ret=7f675a817165
001f:Ret  PE DLL (proc=0x7f675a81bab3,module=0x7f675a7e0000 L"setupapi.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
001f:Ret  KERNEL32.LoadLibraryW() retval=7f675aac0000 ret=7f675ab8fe68
001f:Call ntdll.RtlImageNtHeader(7f675aac0000) ret=7f675ab8fe7d
001f:Ret  ntdll.RtlImageNtHeader() retval=7f675aac0040 ret=7f675ab8fe7d
001f:Call ntdll.RtlFreeHeap(00030000,00000000,000477f0) ret=7f675ab904ce
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab904ce
001f:Call ntdll.LdrLockLoaderLock(00000000,00000000,0034f700) ret=7f675ab90758
001f:Ret  ntdll.LdrLockLoaderLock() retval=00000000 ret=7f675ab90758
001f:Call ntdll.LdrFindEntryForAddress(7f675aac0000,0034f6f8) ret=7f675ab90765
001f:Ret  ntdll.LdrFindEntryForAddress() retval=00000000 ret=7f675ab90765
001f:Call ntdll.LdrUnlockLoaderLock(00000000,0000001f) ret=7f675ab9078b
001f:Ret  ntdll.LdrUnlockLoaderLock() retval=00000000 ret=7f675ab9078b
001f:Call ntdll.RtlImageNtHeader(7f675aac0000) ret=7f675ab9079c
001f:Ret  ntdll.RtlImageNtHeader() retval=7f675aac0040 ret=7f675ab9079c
001f:Call driver init 0x7f675aac8cf0 (obj=0x48dc0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\WineBus")
001f:Call ntdll.NtOpenKey(0034f458,000f003f,0034f460) ret=7f675aac8afc
001f:Ret  ntdll.NtOpenKey() retval=00000000 ret=7f675aac8afc
001f:Call ntdll.NtQueryValueKey(00000068,7f675aaccdc0,00000002,0034f490,00000010,0034f454) ret=7f675aac8b49
001f:Ret  ntdll.NtQueryValueKey() retval=c0000034 ret=7f675aac8b49
001f:Call ntoskrnl.exe.NtClose(00000068) ret=7f675aac8b62
001f:Call ntdll.NtClose(00000068) ret=7bca105f
001f:Ret  ntdll.NtClose() retval=00000000 ret=7bca105f
001f:Ret  ntoskrnl.exe.NtClose() retval=00000000 ret=7f675aac8b62
001f:Call ntoskrnl.exe.IoCreateDriver(7f675aacd840,7f675aac3355) ret=7f675aac8c37
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,000001b0) ret=7f675ab90a67
001f:Ret  ntdll.RtlAllocateHeap() retval=00052800 ret=7f675ab90a67
001f:Call ntdll.RtlDuplicateUnicodeString(00000001,7f675aacd840,00052848) ret=7f675ab91c2e
001f:Ret  ntdll.RtlDuplicateUnicodeString() retval=00000000 ret=7f675ab91c2e
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000076) ret=7f675ab91f2d
001f:Ret  ntdll.RtlAllocateHeap() retval=00051e80 ret=7f675ab91f2d
001f:Call ntdll.RtlInitUnicodeString(00052978,00051e80 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\SDLJOY") ret=7f675ab91f8e
001f:Ret  ntdll.RtlInitUnicodeString() retval=00000074 ret=7f675ab91f8e
001f:Call ntdll.NtOpenKey(0034f1a8,000f003f,0034f1b0) ret=7f675aac8afc
001f:Ret  ntdll.NtOpenKey() retval=c0000034 ret=7f675aac8afc
001f:Call KERNEL32.CreateThread(00000000,00000000,7f675aac2110,00000068,00000000,00000000) ret=7f675aac345b
001f:Ret  KERNEL32.CreateThread() retval=0000006c ret=7f675aac345b
001f:Call KERNEL32.WaitForMultipleObjects(00000002,0034f250,00000000,ffffffff) ret=7f675aac3481
0021:Call PE DLL (proc=0x7f675ab35e5b,module=0x7f675aae0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
0021:Ret  PE DLL (proc=0x7f675ab35e5b,module=0x7f675aae0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0021:Call PE DLL (proc=0x7f675a64d449,module=0x7f675a5a0000 L"user32.dll",reason=THREAD_ATTACH,res=(nil))
0021:Ret  PE DLL (proc=0x7f675a64d449,module=0x7f675a5a0000 L"user32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0021:Call PE DLL (proc=0x7f675aaa6ce5,module=0x7f675aa90000 L"imm32.dll",reason=THREAD_ATTACH,res=(nil))
0021:Ret  PE DLL (proc=0x7f675aaa6ce5,module=0x7f675aa90000 L"imm32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0021:Starting thread proc 0x7f675aac2110 (arg=0x68)
0021:Call KERNEL32.SetEvent(00000068) ret=7f675aac21ba
0021:Ret  KERNEL32.SetEvent() retval=00000001 ret=7f675aac21ba
001f:Ret  KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7f675aac3481
001f:Call KERNEL32.CloseHandle(00000068) ret=7f675aac348d
001f:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7f675aac348d
001f:Call KERNEL32.CloseHandle(0000006c) ret=7f675aac3497
001f:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7f675aac3497
001f:Ret  ntoskrnl.exe.IoCreateDriver() retval=00000000 ret=7f675aac8c37
001f:Ret  driver init 0x7f675aac8cf0 (obj=0x48dc0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\WineBus") retval=00000000
001f:Call ntdll.RtlCompareUnicodeString(00048df8,00052848,00000000) ret=7f675ab8fab5
001f:Ret  ntdll.RtlCompareUnicodeString() retval=00000004 ret=7f675ab8fab5
001f:Call ntdll.RtlCompareUnicodeString(0034f950,00052848,00000000) ret=7f675ab8fab5
001f:Ret  ntdll.RtlCompareUnicodeString() retval=00000004 ret=7f675ab8fab5
001f:Call ntdll.RtlCompareUnicodeString(0034f950,00048df8,00000000) ret=7f675ab8fab5
001f:Ret  ntdll.RtlCompareUnicodeString() retval=00000000 ret=7f675ab8fab5
001f:Call ntdll.RtlFreeUnicodeString(0034f950) ret=7f675ab9c239
001f:Ret  ntdll.RtlFreeUnicodeString() retval=00000001 ret=7f675ab9c239
001f:Call advapi32.SetServiceStatus(00047870,0034f960) ret=7f675ab9c34a
001f:Call rpcrt4.NdrClientInitializeNew(0034f300,0034f440,7f675ac58d00,00000007) ret=7f675ac2e468
001f:Ret  rpcrt4.NdrClientInitializeNew() retval=7f675ac23c2f ret=7f675ac2e468
001f:Call rpcrt4.NDRCContextBinding(00047870) ret=7f675ac2e479
001f:Ret  rpcrt4.NDRCContextBinding() retval=00047bc0 ret=7f675ac2e479
001f:Call rpcrt4.NdrGetBuffer(0034f440,00000038,00047bc0) ret=7f675ac2e49c
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000038) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00051cc0 ret=7f675ab330b4
001f:Ret  rpcrt4.NdrGetBuffer() retval=00051cc0 ret=7f675ac2e49c
001f:Call rpcrt4.NdrClientContextMarshall(0034f440,00047870,00000000) ret=7f675ac2e4aa
001f:Ret  rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f675ac2e4aa
001f:Call rpcrt4.NdrSimpleStructMarshall(0034f440,0034f960,7f675ac42c44) ret=7f675ac2e4bc
001f:Ret  rpcrt4.NdrSimpleStructMarshall() retval=00000000 ret=7f675ac2e4bc
001f:Call rpcrt4.NdrSendReceive(0034f440,00051cf0) ret=7f675ac2e4cc
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7f675ab22f33
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b80 ret=7f675ab22f33
001f:Call ntdll.RtlAllocateHeap(00030000,00000008,00000048) ret=7f675ab20cd7
001f:Ret  ntdll.RtlAllocateHeap() retval=00051d10 ret=7f675ab20cd7
001f:Call ntdll.NtWriteFile(00000020,00000024,00000000,00000000,0034edc0,00051d10,00000048,00000000,00000000) ret=7f675ab2a5f6
001f:Ret  ntdll.NtWriteFile() retval=00000000 ret=7f675ab2a5f6
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00051d10) ret=7f675ab20d3f
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab20d3f
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b80) ret=7f675ab22fef
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22fef
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,0034ee40,7374756f00000010,00000000,00000000) ret=7f675ab2a777
001e:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe363e9e79c
001f:Ret  ntdll.NtReadFile() retval=00000103 ret=7f675ab2a777
001e:Call KERNEL32.CloseHandle(00000154) ret=7fe363e9e6ff
001f:Call KERNEL32.WaitForSingleObject(00000024,ffffffff) ret=7f675ab2a79c
001e:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7fe363e9e6ff
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7fe363e95f4b
001e:Ret  ntdll.RtlAllocateHeap() retval=00045900 ret=7fe363e95f4b
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,00045910,00000008,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=80000005 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363e96011
001e:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363e96011
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,000470a0,00000030,00000000,00000000) ret=7fe363e9e777
001e:Ret  ntdll.NtReadFile() retval=00000000 ret=7fe363e9e777
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7fe363ea70b4
001e:Ret  ntdll.RtlAllocateHeap() retval=00046990 ret=7fe363ea70b4
001e:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363e96199
001e:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e96199
001e:Call ntdll.RtlAllocateHeap(00030000,00000000,00000028) ret=7fe363e992d1
001e:Ret  ntdll.RtlAllocateHeap() retval=000473e0 ret=7fe363e992d1
001e:Call KERNEL32.QueueUserWorkItem(7fe363e99597,000473e0,00000010) ret=7fe363e9931b
001e:Ret  KERNEL32.QueueUserWorkItem() retval=00000001 ret=7fe363e9931b
001e:Call ntdll.RtlAllocateHeap(00030000,00000008,00000050) ret=7fe363e99242
001e:Ret  ntdll.RtlAllocateHeap() retval=00046880 ret=7fe363e99242
001e:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,00046778,008ffb80,7374756f00000010,00000000,00000000) ret=7fe363e9e777
0013:Call rpcrt4.NdrServerInitializeNew(00047650,006af630,7fe36475ed20) ret=7fe36474c404
001e:Ret  ntdll.NtReadFile() retval=00000103 ret=7fe363e9e777
0013:Ret  rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7fe36474c404
001e:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff) ret=7fe363e9e79c
0013:Call rpcrt4.NdrServerContextNewUnmarshall(006af630,7fe364758720) ret=7fe36474c4e1
0013:Call ntdll.RtlAcquireResourceExclusive(00047818,00000001) ret=7fe363e8b140
0013:Ret  ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7fe363e8b140
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000010) ret=7fe363ea80b5
0013:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363ea80b5
0013:Ret  rpcrt4.NdrServerContextNewUnmarshall() retval=000477e0 ret=7fe36474c4e1
0013:Call rpcrt4.NdrSimpleStructUnmarshall(006af630,006af7d0,7fe364758724,00000000) ret=7fe36474c502
0013:Ret  rpcrt4.NdrSimpleStructUnmarshall() retval=00000000 ret=7fe36474c502
0013:Call KERNEL32.SetEvent(00000068) ret=7fe36473fc9e
0013:Ret  KERNEL32.SetEvent() retval=00000001 ret=7fe36473fc9e
0013:Call rpcrt4.I_RpcGetBuffer(00047650) ret=7fe36474c56d
0013:Call ntdll.RtlAllocateHeap(00030000,00000000,00000008) ret=7fe363ea70b4
0013:Ret  ntdll.RtlAllocateHeap() retval=000470a0 ret=7fe363ea70b4
0013:Ret  rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7fe36474c56d
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363ea81aa
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea81aa
0013:Call ntdll.RtlReleaseResource(00047818) ret=7fe363e8b409
0013:Ret  ntdll.RtlReleaseResource() retval=00000000 ret=7fe363e8b409
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,00000018) ret=7fe363e93f0b
0013:Ret  ntdll.RtlAllocateHeap() retval=00046e60 ret=7fe363e93f0b
0013:Call ntdll.RtlAllocateHeap(00030000,00000008,0000001c) ret=7fe363e94cd7
0013:Ret  ntdll.RtlAllocateHeap() retval=000476b0 ret=7fe363e94cd7
0013:Call ntdll.NtWriteFile(000000f0,00000154,00000000,00000000,006af750,000476b0,0000001c,00000000,00000000) ret=7fe363e9e5f6
0013:Ret  ntdll.NtWriteFile() retval=00000000 ret=7fe363e9e5f6
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000476b0) ret=7fe363e94d3f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e94d3f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046e60) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00046990) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000470a0) ret=7fe363ea70d9
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363ea70d9
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00045900) ret=7fe363e9448f
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9448f
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00047650) ret=7fe363e9966b
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e9966b
0013:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7fe363e99682
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e99682
0013:Call ntdll.RtlFreeHeap(00030000,00000000,000473e0) ret=7fe363e996a1
001f:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7f675ab2a79c
0013:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe363e996a1
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675ab21f4b
001f:Ret  ntdll.RtlAllocateHeap() retval=00051d10 ret=7f675ab21f4b
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00051d20,00000008,00000000,00000000) ret=7f675ab2a777
001f:Ret  ntdll.NtReadFile() retval=80000005 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7f675ab22011
001f:Ret  ntdll.RtlAllocateHeap() retval=00047b80 ret=7f675ab22011
001f:Call ntdll.NtReadFile(00000020,00000024,00000000,00000000,00046a58,00047b80,00000004,00000000,00000000) ret=7f675ab2a777
001f:Ret  ntdll.NtReadFile() retval=00000000 ret=7f675ab2a777
001f:Call ntdll.RtlAllocateHeap(00030000,00000000,00000004) ret=7f675ab330b4
001f:Ret  ntdll.RtlAllocateHeap() retval=00051d50 ret=7f675ab330b4
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00000000) ret=7f675ab221df
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab221df
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00047b80) ret=7f675ab22199
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab22199
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00051d10) ret=7f675ab23336
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab23336
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00051cc0) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrSendReceive() retval=00000000 ret=7f675ac2e4cc
001f:Call rpcrt4.NdrFreeBuffer(0034f440) ret=7f675ac2e565
001f:Call ntdll.RtlFreeHeap(00030000,00000000,00051d50) ret=7f675ab330d9
001f:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f675ab330d9
001f:Ret  rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f675ac2e565
001f:Ret  advapi32.SetServiceStatus() retval=00000001 ret=7f675ab9c34a
001f:Ret  ntoskrnl.exe.ZwLoadDriver() retval=00000000 ret=7f675cac8fa5
001f:Call ntoskrnl.exe.RtlNtStatusToDosError(00000000) ret=7f675cac8fac
001f:Call ntdll.RtlNtStatusToDosError(00000000) ret=7bca105f
001f:Ret  ntdll.RtlNtStatusToDosError() retval=00000000 ret=7bca105f
001f:Ret  ntoskrnl.exe.RtlNtStatusToDosError() retval=00000000 ret=7f675cac8fac
001f:Call ntoskrnl.exe.RtlFreeUnicodeString(0034fb20) ret=7f675cac8f94
001f:Call ntdll.RtlFreeUnicodeString(0034fb20) ret=7bca105f
001f:Ret  ntdll.RtlFreeUnicodeString() retval=00000001 ret=7bca105f
001f:Ret  ntoskrnl.exe.RtlFreeUnicodeString() retval=00000001 ret=7f675cac8f94
000d:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=7fe364740a04
000d:Call KERNEL32.GetOverlappedResult(00000124,0024fa40,0024fa3c,00000000) ret=7fe364740990
000d:Ret  KERNEL32.GetOverlappedResult() retval=00000001 ret=7fe364740990
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00047610) ret=7fe364740823
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364740823
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00046f20) ret=7fe364746401
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe364746401
000d:Call KERNEL32.WaitForMultipleObjects(00000002,0024fb10,00000000,00002710) ret=7fe3647464eb
000d:Ret  KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7fe3647464eb
000d:Call KERNEL32.ReleaseMutex(0000011c) ret=7fe364746453
000d:Ret  KERNEL32.ReleaseMutex() retval=00000001 ret=7fe364746453
000d:Call ntdll.RtlFreeHeap(00030000,00000000,00043db0) ret=7fe36473d937
000d:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7fe36473d937
000d:Call KERNEL32.SetEvent(00000028) ret=7fe36473d93f
000b:Ret  KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7f7665b0dad4
000d:Ret  KERNEL32.SetEvent() retval=00000001 ret=7fe36473d93f
000d:Call KERNEL32.WaitForSingleObject(00000094,ffffffff) ret=7fe36473d951
000b:Call KERNEL32.CloseHandle(00000074) ret=7f7665b0daea
000b:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7f7665b0daea
000b:Call KERNEL32.CloseHandle(0000006c) ret=7f7665b0daf7
000b:Ret  KERNEL32.CloseHandle() retval=00000001 ret=7f7665b0daf7
000b:Call ntdll.RtlAllocateHeap(00030000,00000000,0000005f) ret=7f7665b0cc5b
000b:Ret  ntdll.RtlAllocateHeap() retval=000496d0 ret=7f7665b0cc5b
000b:Call ntdll.RtlAllocateHeap(00030000,00000000,00000033) ret=7f7665b0cced
000b:Ret  ntdll.RtlAllocateHeap() retval=00048990 ret=7f7665b0cced
000b:Call ntdll.RtlFreeHeap(00030000,00000000,00048990) ret=7f7665b0cda4
000b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f7665b0cda4
000b:Call ntdll.RtlFreeHeap(00030000,00000000,000496d0) ret=7f7665b0d65a
000b:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f7665b0d65a
000b:Call advapi32.RegCreateKeyExW(ffffffff80000001,7f7665b113c0 L"Volatile Environment",00000000,00000000,00000001,000f003f,00000000,0024ed90,00000000) ret=7f7665b0cf3e
000b:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f7665b0cf3e
000b:Call KERNEL32.LoadLibraryA(7f7665b1ae50 "shell32.dll") ret=7f7665b103df
000b:Call PE DLL (proc=0x7f7662bc5e5b,module=0x7f7662b70000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil))
000b:Ret  PE DLL (proc=0x7f7662bc5e5b,module=0x7f7662b70000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
000b:Call PE DLL (proc=0x7f7662d1055c,module=0x7f7662c20000 L"ole32.dll",reason=PROCESS_ATTACH,res=(nil))
000b:Ret  PE DLL (proc=0x7f7662d1055c,module=0x7f7662c20000 L"ole32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
000b:Call PE DLL (proc=0x7f7662dac3f1,module=0x7f7662da0000 L"shcore.dll",reason=PROCESS_ATTACH,res=(nil))
000b:Call KERNEL32.DisableThreadLibraryCalls(7f7662da0000) ret=7f7662da597b
000b:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f7662da597b
000b:Call KERNEL32.TlsAlloc() ret=7f7662da5980
000b:Ret  KERNEL32.TlsAlloc() retval=00000001 ret=7f7662da5980
000b:Ret  PE DLL (proc=0x7f7662dac3f1,module=0x7f7662da0000 L"shcore.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
000b:Call PE DLL (proc=0x7f76629e42aa,module=0x7f76629c0000 L"usp10.dll",reason=PROCESS_ATTACH,res=(nil))
000b:Call KERNEL32.DisableThreadLibraryCalls(7f76629c0000) ret=7f76629e43e2
000b:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f76629e43e2
000b:Ret  PE DLL (proc=0x7f76629e42aa,module=0x7f76629c0000 L"usp10.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
000b:Call PE DLL (proc=0x7f7662abcd87,module=0x7f7662a10000 L"comctl32.dll",reason=PROCESS_ATTACH,res=(nil))
000b:Call KERNEL32.DisableThreadLibraryCalls(7f7662a10000) ret=7f7662a28905
000b:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f7662a28905
000b:Call KERNEL32.GlobalAddAtomW(7f7662abfc40 L"CC32SubclassInfo") ret=7f7662a28918
000b:Ret  KERNEL32.GlobalAddAtomW() retval=0000c008 ret=7f7662a28918
000b:Call gdi32.CreateBitmap(00000008,00000008,00000001,00000001,7f7662abfc70) ret=7f7662a28974
000b:Ret  gdi32.CreateBitmap() retval=00010038 ret=7f7662a28974
000b:Call gdi32.CreatePatternBrush(00010038) ret=7f7662a28983
000b:Ret  gdi32.CreatePatternBrush() retval=00010039 ret=7f7662a28983
000b:Call user32.GetSysColor(00000014) ret=7f7662a28773
000b:Ret  user32.GetSysColor() retval=00ffffff ret=7f7662a28773
000b:Call user32.GetSysColor(00000010) ret=7f7662a28783
000b:Ret  user32.GetSysColor() retval=00808080 ret=7f7662a28783
000b:Call user32.GetSysColor(00000012) ret=7f7662a28793
000b:Ret  user32.GetSysColor() retval=00000000 ret=7f7662a28793
000b:Call user32.GetSysColor(0000000f) ret=7f7662a287a3
000b:Ret  user32.GetSysColor() retval=00c8d0d4 ret=7f7662a287a3
000b:Call user32.GetSysColor(0000000d) ret=7f7662a287b3
000b:Ret  user32.GetSysColor() retval=006a240a ret=7f7662a287b3
000b:Call user32.GetSysColor(0000000e) ret=7f7662a287c3
000b:Ret  user32.GetSysColor() retval=00ffffff ret=7f7662a287c3
000b:Call user32.GetSysColor(0000001a) ret=7f7662a287d3
000b:Ret  user32.GetSysColor() retval=00c80000 ret=7f7662a287d3
000b:Call user32.GetSysColor(00000014) ret=7f7662a287e3
000b:Ret  user32.GetSysColor() retval=00ffffff ret=7f7662a287e3
000b:Call user32.GetSysColor(00000010) ret=7f7662a287f3
000b:Ret  user32.GetSysColor() retval=00808080 ret=7f7662a287f3
000b:Call user32.GetSysColor(00000015) ret=7f7662a28803
000b:Ret  user32.GetSysColor() retval=00404040 ret=7f7662a28803
000b:Call user32.GetSysColor(0000000f) ret=7f7662a28813
000b:Ret  user32.GetSysColor() retval=00c8d0d4 ret=7f7662a28813
000b:Call user32.GetSysColor(00000005) ret=7f7662a28823
000b:Ret  user32.GetSysColor() retval=00ffffff ret=7f7662a28823
000b:Call user32.GetSysColor(00000008) ret=7f7662a28833
000b:Ret  user32.GetSysColor() retval=00000000 ret=7f7662a28833
000b:Call user32.GetSysColor(00000011) ret=7f7662a28843
000b:Ret  user32.GetSysColor() retval=00808080 ret=7f7662a28843
000b:Call user32.GetSysColor(00000002) ret=7f7662a28853
000b:Ret  user32.GetSysColor() retval=006a240a ret=7f7662a28853
000b:Call user32.GetSysColor(00000018) ret=7f7662a28863
000b:Ret  user32.GetSysColor() retval=00e1ffff ret=7f7662a28863
000b:Call user32.GetSysColor(00000017) ret=7f7662a28873
000b:Ret  user32.GetSysColor() retval=00000000 ret=7f7662a28873
000b:Call user32.LoadCursorW(00000000,00007f00) ret=7f7662a176bf
000b:Call user32.GetDesktopWindow() ret=7f766383cbe0
0023:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError"
0023:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32"
0023:Call KERNEL32.__wine_kernel_init() ret=7bc85261
0023:Ret  KERNEL32.__wine_kernel_init() retval=7b47d405 ret=7bc85261
0023:Call PE DLL (proc=0x7bce4adf,module=0x7bc40000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0023:Ret  PE DLL (proc=0x7bce4adf,module=0x7bc40000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0023:Call PE DLL (proc=0x7b4a9bd0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0023:Ret  PE DLL (proc=0x7b4a9bd0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0023:Call PE DLL (proc=0x7f20e43361d4,module=0x7f20e42e0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0023:Ret  PE DLL (proc=0x7f20e43361d4,module=0x7f20e42e0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0023:Call PE DLL (proc=0x7f20e43c5e5b,module=0x7f20e4370000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0023:Ret  PE DLL (proc=0x7f20e43c5e5b,module=0x7f20e4370000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0023:Call PE DLL (proc=0x7f20e3faffe2,module=0x7f20e3f10000 L"gdi32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0023:Ret  PE DLL (proc=0x7f20e3faffe2,module=0x7f20e3f10000 L"gdi32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0023:Call PE DLL (proc=0x7f20e625c721,module=0x7f20e6250000 L"version.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0023:Call KERNEL32.DisableThreadLibraryCalls(7f20e6250000) ret=7f20e625c859
0023:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f20e625c859
0023:Ret  PE DLL (proc=0x7f20e625c721,module=0x7f20e6250000 L"version.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0023:Call PE DLL (proc=0x7f20e414a449,module=0x7f20e4090000 L"user32.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0023:Call PE DLL (proc=0x7f20e3ef1ce5,module=0x7f20e3ee0000 L"imm32.dll",reason=PROCESS_ATTACH,res=(nil))
0023:Call user32.User32InitializeImmEntryTable(19650412) ret=7f20e3eef858
0023:Ret  user32.User32InitializeImmEntryTable() retval=00000001 ret=7f20e3eef858
0023:Ret  PE DLL (proc=0x7f20e3ef1ce5,module=0x7f20e3ee0000 L"imm32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0023:Ret  PE DLL (proc=0x7f20e414a449,module=0x7f20e4090000 L"user32.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0023:Call PE DLL (proc=0x7f20e6272699,module=0x7f20e6270000 L"wow64cpu.dll",reason=PROCESS_ATTACH,res=0x24fb00)
0023:Call ntdll.LdrDisableThreadCalloutsForDll(7f20e6270000) ret=7f20e6272692
0023:Ret  ntdll.LdrDisableThreadCalloutsForDll() retval=00000000 ret=7f20e6272692
0023:Ret  PE DLL (proc=0x7f20e6272699,module=0x7f20e6270000 L"wow64cpu.dll",reason=PROCESS_ATTACH,res=0x24fb00) retval=1
0023:Starting process L"C:\\windows\\system32\\explorer.exe" (entryproc=0x7f20e4c6cb1d)
0023:Call KERNEL32.GetCommandLineW() ret=7f20e4c6cbf1
0023:Ret  KERNEL32.GetCommandLineW() retval=00032130 ret=7f20e4c6cbf1
0023:Call KERNEL32.GetStartupInfoW(0024fc50) ret=7f20e4c6cc43
0023:Ret  KERNEL32.GetStartupInfoW() retval=0000000c ret=7f20e4c6cc43
0023:Call KERNEL32.GetModuleHandleW(00000000) ret=7f20e4c6cc5d
0023:Ret  KERNEL32.GetModuleHandleW() retval=7f20e4c50000 ret=7f20e4c6cc5d
0023:Call user32.GetThreadDesktop(00000023) ret=7f20e4c66c64
0023:Ret  user32.GetThreadDesktop() retval=0000002c ret=7f20e4c66c64
0023:Call user32.GetUserObjectInformationW(0000002c,00000002,7f20e4c7be80,00000104,00000000) ret=7f20e4c66c8c
0023:Ret  user32.GetUserObjectInformationW() retval=00000001 ret=7f20e4c66c8c
0023:Call advapi32.RegOpenKeyW(ffffffff80000001,7f20e4c6f5e0 L"Software\\Wine\\Explorer",0024ef60) ret=7f20e4c66cb2
0023:Ret  advapi32.RegOpenKeyW() retval=00000002 ret=7f20e4c66cb2
0023:Call rpcrt4.UuidCreate(0024efd0) ret=7f20e4c67862
0023:Call advapi32.SystemFunction036(0024efd0,00000010) ret=7f20e43c1e90
0023:Ret  advapi32.SystemFunction036() retval=00000001 ret=7f20e43c1e90
0023:Ret  rpcrt4.UuidCreate() retval=00000000 ret=7f20e4c67862
0023:Call advapi32.RegOpenKeyW(ffffffff80000001,7f20e4c6f4e0 L"Software\\Wine\\Drivers",0024ef60) ret=7f20e4c678c2
0023:Ret  advapi32.RegOpenKeyW() retval=00000000 ret=7f20e4c678c2
0023:Call advapi32.RegQueryValueExW(00000044,7f20e4c6f4b0 L"Graphics",00000000,00000000,0024f130,0024ef40) ret=7f20e4c67901
0023:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f20e4c67901
0023:Call advapi32.RegCloseKey(00000044) ret=7f20e4c6790e
0023:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f20e4c6790e
0023:Call KERNEL32.LoadLibraryW(0024efe0 L"winex11.drv") ret=7f20e4c66e53
0023:Call PE DLL (proc=0x7f20e3e97cca,module=0x7f20e3e40000 L"winex11.drv",reason=PROCESS_ATTACH,res=(nil))
0023:Ret  PE DLL (proc=0x7f20e3e97cca,module=0x7f20e3e40000 L"winex11.drv",reason=PROCESS_ATTACH,res=(nil)) retval=1
0023:Ret  KERNEL32.LoadLibraryW() retval=7f20e3e40000 ret=7f20e4c66e53
0023:Call KERNEL32.GetModuleFileNameW(7f20e3e40000,0024f130,00000104) ret=7f20e4c67734
0023:Ret  KERNEL32.GetModuleFileNameW() retval=0000001f ret=7f20e4c67734
0023:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f20e4c6f420 L"System\\CurrentControlSet\\Control\\Video",00000000,00000000,00000000,00000002,00000000,0024ef60,00000000) ret=7f20e4c66f74
0023:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f20e4c66f74
0023:Call advapi32.RegCloseKey(00000048) ret=7f20e4c6783b
0023:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f20e4c6783b
0023:Call advapi32.RegCreateKeyExW(ffffffff80000002,0024f020 L"System\\CurrentControlSet\\Control\\Video\\{0b8dcc9b-d353-44a3-92fc-e5ee04711dff}\\0000",00000000,00000000,00000001,00000002,00000000,0024ef60,00000000) ret=7f20e4c67045
0023:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f20e4c67045
0023:Call advapi32.RegSetValueExW(0000004c,7f20e4c6f330 L"GraphicsDriver",00000000,00000001,0024f130,00000040) ret=7f20e4c6709d
0023:Ret  advapi32.RegSetValueExW() retval=00000000 ret=7f20e4c6709d
0023:Call advapi32.RegCloseKey(0000004c) ret=7f20e4c670aa
0023:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f20e4c670aa
0023:Call user32.CreateWindowExW(00000000,00008001,00000000,86000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0024efd0) ret=7f20e4c67104
0023:Call window proc 0x7f20e40c7670 (hwnd=0x10020,msg=WM_NCCREATE,wp=00000000,lp=0024ece0)
0023:Ret  window proc 0x7f20e40c7670 (hwnd=0x10020,msg=WM_NCCREATE,wp=00000000,lp=0024ece0) retval=00000001
0023:Call window proc 0x7f20e40c7670 (hwnd=0x10020,msg=WM_NCCALCSIZE,wp=00000000,lp=0024eb10)
0023:Ret  window proc 0x7f20e40c7670 (hwnd=0x10020,msg=WM_NCCALCSIZE,wp=00000000,lp=0024eb10) retval=00000000
0023:Call window proc 0x7f20e40c7670 (hwnd=0x10020,msg=WM_CREATE,wp=00000000,lp=0024ece0)
0023:Ret  window proc 0x7f20e40c7670 (hwnd=0x10020,msg=WM_CREATE,wp=00000000,lp=0024ece0) retval=00000000
0021:Call KERNEL32.MultiByteToWideChar(00000000,00000000,0058fcd0 "03000000790000000600000010010000",ffffffff,0058fc80,00000022) ret=7f675aac24ab
0021:Ret  KERNEL32.MultiByteToWideChar() retval=00000021 ret=7f675aac24ab
0021:Call ntdll.RtlAllocateHeap(00030000,00000000,00000018) ret=7f675aac7309
0021:Ret  ntdll.RtlAllocateHeap() retval=00047920 ret=7f675aac7309
0023:Call winex11.drv.wine_get_gdi_driver(00000030) ret=7f20e3f6630a
0023:Ret  winex11.drv.wine_get_gdi_driver() retval=7f20e3ebfd00 ret=7f20e3f6630a
0021:Call ntoskrnl.exe.RtlInitUnicodeString(0058f960,0058f990 L"\\Device\\SDLJOY#0000000000047920") ret=7f675aac7353
0021:Call ntdll.RtlInitUnicodeString(0058f960,0058f990 L"\\Device\\SDLJOY#0000000000047920") ret=7bca105f
0021:Ret  ntdll.RtlInitUnicodeString() retval=0000003e ret=7bca105f
0021:Ret  ntoskrnl.exe.RtlInitUnicodeString() retval=0000003e ret=7f675aac7353
0021:Call ntoskrnl.exe.IoCreateDevice(00052810,000000d8,0058f960,00000000,00000000,00000000,0058f958) ret=7f675aac738d
0021:Call ntdll.RtlAllocateHeap(00030000,00000008,00000230) ret=7f675ab90a67
0021:Ret  ntdll.RtlAllocateHeap() retval=000529c0 ret=7f675ab90a67
0021:Ret  ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7f675aac738d
0021:Call ntdll.RtlAllocateHeap(00030000,00000000,00000042) ret=7f675aac746d
0021:Ret  ntdll.RtlAllocateHeap() retval=00047a30 ret=7f675aac746d
0021:Call KERNEL32.InitializeCriticalSection(00052b78) ret=7f675aac74e7
0021:Ret  KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f675aac74e7
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0021:Call setupapi.SetupDiGetClassDevsW(7f675aac95d0,00000000,00000000,00000010) ret=7f675aac7540
0021:Call ntdll.RtlAllocateHeap(00030000,00000000,00000030) ret=7f675a7f18fc
0021:Ret  ntdll.RtlAllocateHeap() retval=00048fb0 ret=7f675a7f18fc
0021:Call advapi32.RegOpenKeyExW(ffffffff80000002,7f675a81fb20 L"System\\CurrentControlSet\\Control\\DeviceClasses",00000000,00020019,0058f4e0) ret=7f675a7f5aab
0021:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7f675a7f5aab
0021:Call advapi32.RegOpenKeyExW(00000070,0058f4f0 L"{463D60B5-802B-4BB2-8FDB-7DA9B99604D8}",00000000,00020019,0058f4e8) ret=7f675a7f5b06
0021:Ret  advapi32.RegOpenKeyExW() retval=00000002 ret=7f675a7f5b06
0021:Call advapi32.RegCloseKey(00000070) ret=7f675a7f5b25
0021:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f675a7f5b25
0021:Ret  setupapi.SetupDiGetClassDevsW() retval=00048fb0 ret=7f675aac7540
0021:Call ntdll.RtlAllocateHeap(00030000,00000000,000000cc) ret=7f675aac6f50
0021:Ret  ntdll.RtlAllocateHeap() retval=00051cc0 ret=7f675aac6f50
0021:Call setupapi.SetupDiCreateDeviceInfoW(00048fb0,00051cc0 L"SDLJOY\\Vid_0079&Pid_0006&IG_1\\272&03000000790000000600000010010000&0",7f675aac95d0,00000000,00000000,00000002,0058f970) ret=7f675aac75a3
0021:Call ntdll.RtlAllocateHeap(00030000,00000000,00000060) ret=7f675a7efb8f
0021:Ret  ntdll.RtlAllocateHeap() retval=00048ff0 ret=7f675a7efb8f
0021:Call ntdll.RtlAllocateHeap(00030000,00000000,0000008a) ret=7f675a7efbd8
0021:Ret  ntdll.RtlAllocateHeap() retval=00052c00 ret=7f675a7efbd8
0021:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f675a81fae0 L"System\\CurrentControlSet\\Enum",00000000,00000000,00000000,000f003f,00000000,0058f030,00000000) ret=7f675a7ef784
0021:Ret  advapi32.RegCreateKeyExW() retval=00000000 ret=7f675a7ef784
0021:Call user32.EnumDisplayDevicesW(00000000,00000000,0058f0d0,00000000) ret=7f675a7ef7f5
0021:Call PE DLL (proc=0x7f675813bcca,module=0x7f67580e0000 L"winex11.drv",reason=PROCESS_ATTACH,res=(nil))
0021:Ret  PE DLL (proc=0x7f675813bcca,module=0x7f67580e0000 L"winex11.drv",reason=PROCESS_ATTACH,res=(nil)) retval=1
0021:Call winex11.drv.wine_get_gdi_driver(00000030) ret=7f675a46930a
0021:Ret  winex11.drv.wine_get_gdi_driver() retval=7f6758163d00 ret=7f675a46930a
0021:Call user32.GetDpiForSystem() ret=7f675a4979b1
0021:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f675a4979b1
0023:Call user32.SetThreadDpiAwarenessContext(fffffffffffffffd) ret=7f20e3f6652b
0023:Ret  user32.SetThreadDpiAwarenessContext() retval=00000012 ret=7f20e3f6652b
0023:Call user32.GetSystemMetrics(0000004e) ret=7f20e3f66539
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024d600) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024d300) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000556 ret=7f20e3f66539
0023:Call user32.SetThreadDpiAwarenessContext(00000012) ret=7f20e3f66544
0023:Ret  user32.SetThreadDpiAwarenessContext() retval=00000012 ret=7f20e3f66544
0023:Call user32.SetThreadDpiAwarenessContext(fffffffffffffffd) ret=7f20e3f6666b
0023:Ret  user32.SetThreadDpiAwarenessContext() retval=00000012 ret=7f20e3f6666b
0023:Call user32.GetSystemMetrics(0000004f) ret=7f20e3f66679
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024d600) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024d300) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000300 ret=7f20e3f66679
0023:Call user32.SetThreadDpiAwarenessContext(00000012) ret=7f20e3f66684
0023:Ret  user32.SetThreadDpiAwarenessContext() retval=00000012 ret=7f20e3f66684
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call winex11.drv.CreateWindow(00010020) ret=7f20e40cdbe3
0023:Call imm32.ImmGetContext(00000000) ret=7f20e3e63434
0023:Call user32.IsWindow(00000000) ret=7f20e3ef0393
0023:Ret  user32.IsWindow() retval=00000000 ret=7f20e3ef0393
0023:Ret  imm32.ImmGetContext() retval=00000000 ret=7f20e3e63434
0023:Ret  winex11.drv.CreateWindow() retval=00000001 ret=7f20e40cdbe3
0023:Call window proc 0x7f20e3e7e8e8 (hwnd=0x10020,msg=WM_SIZE,wp=00000000,lp=00000000)
0023:Ret  window proc 0x7f20e3e7e8e8 (hwnd=0x10020,msg=WM_SIZE,wp=00000000,lp=00000000) retval=00000000
0023:Call window proc 0x7f20e3e7e8e8 (hwnd=0x10020,msg=WM_MOVE,wp=00000000,lp=00000000)
0023:Ret  window proc 0x7f20e3e7e8e8 (hwnd=0x10020,msg=WM_MOVE,wp=00000000,lp=00000000) retval=00000000
0023:Ret  user32.CreateWindowExW() retval=00010020 ret=7f20e4c67104
0023:Call user32.CreateWindowExW(00000000,7f20e4c6f670 L"Message",00000000,86000000,00000000,00000000,00000064,00000064,00000000,00000000,00000000,00000000) ret=7f20e4c6716b
0024:Call PE DLL (proc=0x7f20e43c5e5b,module=0x7f20e4370000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil))
0024:Ret  PE DLL (proc=0x7f20e43c5e5b,module=0x7f20e4370000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0024:Call PE DLL (proc=0x7f20e414a449,module=0x7f20e4090000 L"user32.dll",reason=THREAD_ATTACH,res=(nil))
0024:Ret  PE DLL (proc=0x7f20e414a449,module=0x7f20e4090000 L"user32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0024:Call PE DLL (proc=0x7f20e3ef1ce5,module=0x7f20e3ee0000 L"imm32.dll",reason=THREAD_ATTACH,res=(nil))
0024:Ret  PE DLL (proc=0x7f20e3ef1ce5,module=0x7f20e3ee0000 L"imm32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1
0023:Call winex11.drv.WindowPosChanging(00010026,00000000,00000014,0024eaf0,0024eaf0,0024e8e0,0024e8d8) ret=7f20e413e16b
0024:Starting thread proc 0x7f20e3e55aa3 (arg=(nil))
0023:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0023:Call winex11.drv.WindowPosChanged(00010026,00000000,0000003c,0024eaf0,0024eaf0,0024e8e0,00000000,7f20e427ac80) ret=7f20e413e936
0023:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0023:Call window proc 0x7f20e40fe772 (hwnd=0x10026,msg=WM_NCCREATE,wp=00000000,lp=0024ece0)
0023:Ret  window proc 0x7f20e40fe772 (hwnd=0x10026,msg=WM_NCCREATE,wp=00000000,lp=0024ece0) retval=00000001
0023:Call window proc 0x7f20e40fe772 (hwnd=0x10026,msg=WM_NCCALCSIZE,wp=00000000,lp=0024eb10)
0023:Ret  window proc 0x7f20e40fe772 (hwnd=0x10026,msg=WM_NCCALCSIZE,wp=00000000,lp=0024eb10) retval=00000000
0023:Call winex11.drv.WindowPosChanging(00010026,00000000,00000010,0024eaf0,0024eb10,0024e8e0,0024e8d8) ret=7f20e413e16b
0023:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0023:Call winex11.drv.WindowPosChanged(00010026,00000000,00000018,0024eaf0,0024eb10,0024e8e0,00000000,7f20e427ac80) ret=7f20e413e936
0023:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0023:Call window proc 0x7f20e40fe772 (hwnd=0x10026,msg=WM_CREATE,wp=00000000,lp=0024ece0)
0023:Ret  window proc 0x7f20e40fe772 (hwnd=0x10026,msg=WM_CREATE,wp=00000000,lp=0024ece0) retval=00000000
0023:Call winex11.drv.CreateWindow(00010026) ret=7f20e41390c4
0023:Ret  winex11.drv.CreateWindow() retval=00000001 ret=7f20e41390c4
0023:Call window proc 0x7f20e40fe772 (hwnd=0x10026,msg=WM_SIZE,wp=00000000,lp=00640064)
0023:Ret  window proc 0x7f20e40fe772 (hwnd=0x10026,msg=WM_SIZE,wp=00000000,lp=00640064) retval=00000000
0023:Call window proc 0x7f20e40fe772 (hwnd=0x10026,msg=WM_MOVE,wp=00000000,lp=00000000)
0023:Ret  window proc 0x7f20e40fe772 (hwnd=0x10026,msg=WM_MOVE,wp=00000000,lp=00000000) retval=00000000
0023:Ret  user32.CreateWindowExW() retval=00010026 ret=7f20e4c6716b
0023:Call user32.SetWindowLongPtrW(00010020,fffffffc,7f20e4c58ec3) ret=7f20e4c6717f
0023:Ret  user32.SetWindowLongPtrW() retval=7f20e3e7e8e8 ret=7f20e4c6717f
0023:Call user32.LoadIconW(00000000,00007f05) ret=7f20e4c671e4
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  user32.LoadIconW() retval=00010028 ret=7f20e4c671e4
0023:Call user32.SendMessageW(00010020,00000080,00000001,00010028) ret=7f20e4c671fa
0023:Call window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_SETICON,wp=00000001,lp=00010028)
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call winex11.drv.SetWindowIcon(00010020,00000001,00010028) ret=7f20e40c64c5
0023:Ret  winex11.drv.SetWindowIcon() retval=00000000 ret=7f20e40c64c5
0023:Ret  window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_SETICON,wp=00000001,lp=00010028) retval=00000000
0023:Ret  user32.SendMessageW() retval=00000000 ret=7f20e4c671fa
0023:Call user32.GetSystemMetrics(0000004f) ret=7f20e4c67322
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e9a0) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e6a0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000300 ret=7f20e4c67322
0023:Call user32.GetSystemMetrics(0000004e) ret=7f20e4c67330
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e9a0) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e6a0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000556 ret=7f20e4c67330
0023:Call user32.GetSystemMetrics(0000004d) ret=7f20e4c6733d
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e9a0) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e6a0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000000 ret=7f20e4c6733d
0023:Call user32.GetSystemMetrics(0000004c) ret=7f20e4c6734b
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e9a0) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e6a0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000000 ret=7f20e4c6734b
0023:Call user32.SetWindowPos(00010020,00000000,00000000,00000000,00000556,00000300,00000040) ret=7f20e4c67372
0023:Call window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0024ed10)
0023:Ret  window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0024ed10) retval=00000000
0023:Call window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_NCCALCSIZE,wp=00000001,lp=0024ec60)
0023:Ret  window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_NCCALCSIZE,wp=00000001,lp=0024ec60) retval=00000000
0023:Call winex11.drv.WindowPosChanging(00010020,00000000,0000104a,0024ebf0,0024ec00,0024e9f0,0024e9e8) ret=7f20e413e16b
0023:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0023:Call winex11.drv.WindowPosChanged(00010020,00000000,0000104a,0024ebf0,0024ec00,0024e9f0,00000000,7f20e427ac80) ret=7f20e413e936
0023:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0023:Call window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_QUERYNEWPALETTE,wp=00000000,lp=00000000)
0023:Ret  window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_QUERYNEWPALETTE,wp=00000000,lp=00000000) retval=00000000
0023:Call window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_NCACTIVATE,wp=00000001,lp=00000000)
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.SetThreadDpiAwarenessContext(fffffffffffffffd) ret=7f20e3f6652b
0023:Ret  user32.SetThreadDpiAwarenessContext() retval=00000012 ret=7f20e3f6652b
0023:Call user32.GetSystemMetrics(0000004e) ret=7f20e3f66539
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024cd10) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024ca10) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000556 ret=7f20e3f66539
0023:Call user32.SetThreadDpiAwarenessContext(00000012) ret=7f20e3f66544
0023:Ret  user32.SetThreadDpiAwarenessContext() retval=00000012 ret=7f20e3f66544
0023:Call user32.SetThreadDpiAwarenessContext(fffffffffffffffd) ret=7f20e3f6666b
0023:Ret  user32.SetThreadDpiAwarenessContext() retval=00000012 ret=7f20e3f6666b
0023:Call user32.GetSystemMetrics(0000004f) ret=7f20e3f66679
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024cd10) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024ca10) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000300 ret=7f20e3f66679
0023:Call user32.SetThreadDpiAwarenessContext(00000012) ret=7f20e3f66684
0023:Ret  user32.SetThreadDpiAwarenessContext() retval=00000012 ret=7f20e3f66684
0023:Call winex11.drv.GetDC(00050042,00010020,00010020,0024d600,0024d610,00000053) ret=7f20e4110c9a
0023:Ret  winex11.drv.GetDC() retval=00000000 ret=7f20e4110c9a
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_NCACTIVATE,wp=00000001,lp=00000000) retval=00000001
0023:Call window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_ACTIVATE,wp=00000001,lp=00000000)
0023:Call winex11.drv.SetFocus(00010020) ret=7f20e40da8b2
0023:Ret  winex11.drv.SetFocus() retval=00000000 ret=7f20e40da8b2
0023:Call window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_SETFOCUS,wp=00000000,lp=00000000)
0023:Ret  window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_SETFOCUS,wp=00000000,lp=00000000) retval=00000000
0023:Ret  window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_ACTIVATE,wp=00000001,lp=00000000) retval=00000000
0023:Call winex11.drv.SetActiveWindow(00010020) ret=7f20e40dadbb
0023:Ret  winex11.drv.SetActiveWindow() retval=00000000 ret=7f20e40dadbb
0023:Call window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_WINDOWPOSCHANGED,wp=00000000,lp=0024ed10)
0023:Call window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_SIZE,wp=00000000,lp=03000556)
0023:Ret  window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_SIZE,wp=00000000,lp=03000556) retval=00000000
0023:Ret  window proc 0x7f20e4c58ec3 (hwnd=0x10020,msg=WM_WINDOWPOSCHANGED,wp=00000000,lp=0024ed10) retval=00000000
0023:Ret  user32.SetWindowPos() retval=00000001 ret=7f20e4c67372
0023:Call user32.SystemParametersInfoW(00000014,00000000,00000000,00000000) ret=7f20e4c67384
0023:Call winex11.drv.SystemParametersInfo(00000014,00000000,00000000,00000000) ret=7f20e4123039
0023:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Ret  user32.SystemParametersInfoW() retval=00000001 ret=7f20e4c67384
0023:Call user32.ClipCursor(00000000) ret=7f20e4c6738b
0023:Call winex11.drv.ClipCursor(0024ecb0) ret=7f20e40b7e44
0023:Call winex11.drv.WindowMessage(00010020,80001004,00000000,00000000) ret=7f20e40fca40
0023:Ret  winex11.drv.WindowMessage() retval=00000000 ret=7f20e40fca40
0023:Ret  winex11.drv.ClipCursor() retval=00000001 ret=7f20e40b7e44
0023:Ret  user32.ClipCursor() retval=00000001 ret=7f20e4c6738b
0023:Call user32.EnumDisplaySettingsExW(00000000,ffffffff,0024f130,00000000) ret=7f20e4c6739b
0023:Call winex11.drv.EnumDisplaySettingsEx(00000000,ffffffff,0024f130,00000000) ret=7f20e4120d46
0023:Ret  winex11.drv.EnumDisplaySettingsEx() retval=00000001 ret=7f20e4120d46
0023:Ret  user32.EnumDisplaySettingsExW() retval=00000001 ret=7f20e4c6739b
0023:Call user32.ChangeDisplaySettingsExW(00000000,0024f130,00000000,10000009,00000000) ret=7f20e4c673c8
0023:Call winex11.drv.ChangeDisplaySettingsEx(00000000,0024f130,00000000,10000009,00000000) ret=7f20e4120a80
0023:Ret  winex11.drv.ChangeDisplaySettingsEx() retval=00000000 ret=7f20e4120a80
0023:Ret  user32.ChangeDisplaySettingsExW() retval=00000000 ret=7f20e4c673c8
0023:Call user32.RegisterClassExW(0024ee40) ret=7f20e4c589e3
0023:Ret  user32.RegisterClassExW() retval=0000c015 ret=7f20e4c589e3
0023:Call user32.CreateWindowExW(00000000,7f20e4c6d020 L"WineAppBar",7f20e4c6d020 L"WineAppBar",00000000,00000000,00000000,00000000,00000000,fffffffffffffffd,00000000,00000000,00000000) ret=7f20e4c58a86
0023:Call winex11.drv.SystemParametersInfo(00000029,00000000,0024e590,00000000) ret=7f20e4123039
0023:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call winex11.drv.SystemParametersInfo(00000029,00000000,0024e240,00000000) ret=7f20e4123039
0023:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call winex11.drv.SystemParametersInfo(00000029,00000000,0024dee0,00000000) ret=7f20e4123039
0023:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call winex11.drv.SystemParametersInfo(00000029,00000000,0024dee0,00000000) ret=7f20e4123039
0023:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call winex11.drv.SystemParametersInfo(00000029,00000000,0024dee0,00000000) ret=7f20e4123039
0023:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e070) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024dd70) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.SystemParametersInfo(00000029,00000000,0024e240,00000000) ret=7f20e4123039
0023:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e070) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024dd70) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.SystemParametersInfo(00000029,00000000,0024e240,00000000) ret=7f20e4123039
0023:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call window proc 0x7f20e4c582a2 (hwnd=0x1002c,msg=WM_GETMINMAXINFO,wp=00000000,lp=0024e8d0)
0023:Call user32.DefWindowProcW(0001002c,00000024,00000000,0024e8d0) ret=7f20e4c58380
0023:Ret  user32.DefWindowProcW() retval=00000000 ret=7f20e4c58380
0023:Ret  window proc 0x7f20e4c582a2 (hwnd=0x1002c,msg=WM_GETMINMAXINFO,wp=00000000,lp=0024e8d0) retval=00000000
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e4e0) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e1e0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e900) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e3d0) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e0d0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.WindowPosChanging(0001002c,00000000,00000014,0024ea20,0024ea20,0024e810,0024e808) ret=7f20e413e16b
0023:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0023:Call winex11.drv.WindowPosChanged(0001002c,00000000,00000014,0024ea20,0024ea20,0024e810,00000000,00000000) ret=7f20e413e936
0023:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0023:Call window proc 0x7f20e4c582a2 (hwnd=0x1002c,msg=WM_NCCREATE,wp=00000000,lp=0024ec10)
0023:Call user32.DefWindowProcW(0001002c,00000081,00000000,0024ec10) ret=7f20e4c58380
0023:Call winex11.drv.SetWindowText(0001002c,000bf6a0 L"WineAppBar") ret=7f20e40c56b2
0024:Call imm32.ImmGetContext(00000000) ret=7f20e3e63434
0024:Call user32.IsWindow(00000000) ret=7f20e3ef0393
0024:Ret  user32.IsWindow() retval=00000000 ret=7f20e3ef0393
0024:Ret  imm32.ImmGetContext() retval=00000000 ret=7f20e3e63434
0023:Ret  winex11.drv.SetWindowText() retval=00000000 ret=7f20e40c56b2
0023:Ret  user32.DefWindowProcW() retval=00000001 ret=7f20e4c58380
0023:Ret  window proc 0x7f20e4c582a2 (hwnd=0x1002c,msg=WM_NCCREATE,wp=00000000,lp=0024ec10) retval=00000001
0023:Call window proc 0x7f20e4c582a2 (hwnd=0x1002c,msg=WM_NCCALCSIZE,wp=00000000,lp=0024ea40)
0023:Call user32.DefWindowProcW(0001002c,00000083,00000000,0024ea40) ret=7f20e4c58380
0024:Call winex11.drv.CreateDesktopWindow(00010020) ret=7f20e4131278
0023:Call winex11.drv.SystemParametersInfo(00000029,00000000,0024dea0,00000000) ret=7f20e4123039
0023:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Ret  winex11.drv.CreateDesktopWindow() retval=00000001 ret=7f20e4131278
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  user32.DefWindowProcW() retval=00000000 ret=7f20e4c58380
0023:Ret  window proc 0x7f20e4c582a2 (hwnd=0x1002c,msg=WM_NCCALCSIZE,wp=00000000,lp=0024ea40) retval=00000000
0023:Call winex11.drv.WindowPosChanging(0001002c,00000000,00000010,0024ea20,0024ea40,0024e810,0024e808) ret=7f20e413e16b
0023:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0023:Call winex11.drv.WindowPosChanged(0001002c,00000000,00000010,0024ea20,0024ea40,0024e810,00000000,00000000) ret=7f20e413e936
0023:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0023:Call window proc 0x7f20e4c582a2 (hwnd=0x1002c,msg=WM_CREATE,wp=00000000,lp=0024ec10)
0023:Call user32.DefWindowProcW(0001002c,00000001,00000000,0024ec10) ret=7f20e4c58380
0023:Ret  user32.DefWindowProcW() retval=00000000 ret=7f20e4c58380
0023:Ret  window proc 0x7f20e4c582a2 (hwnd=0x1002c,msg=WM_CREATE,wp=00000000,lp=0024ec10) retval=00000000
0023:Call winex11.drv.CreateWindow(0001002c) ret=7f20e41390c4
0023:Ret  winex11.drv.CreateWindow() retval=00000001 ret=7f20e41390c4
0023:Ret  user32.CreateWindowExW() retval=0001002c ret=7f20e4c58a86
0023:Call KERNEL32.GetProcAddress(7f20e3e40000,7f20e4c726dd "wine_notify_icon") ret=7f20e4c6c8f7
0023:Ret  KERNEL32.GetProcAddress() retval=7f20e3e4d4f0 ret=7f20e4c6c8f7
0023:Call user32.GetSystemMetrics(00000031) ret=7f20e4c6c747
0023:Ret  user32.GetSystemMetrics() retval=00000010 ret=7f20e4c6c747
0023:Call user32.GetSystemMetrics(00000032) ret=7f20e4c6c75a
0023:Ret  user32.GetSystemMetrics() retval=00000010 ret=7f20e4c6c75a
0023:Call user32.LoadIconW(00000000,00007f05) ret=7f20e4c6c7c0
0023:Ret  user32.LoadIconW() retval=00010028 ret=7f20e4c6c7c0
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e4c6c7d4
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e4c6c7d4
0023:Call user32.RegisterClassExW(0024ee30) ret=7f20e4c6c7ff
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  user32.RegisterClassExW() retval=0000c017 ret=7f20e4c6c7ff
0023:Call user32.GetSystemMetrics(00000001) ret=7f20e4c6c859
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e8c0) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e5c0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000300 ret=7f20e4c6c859
0023:Call user32.CreateWindowExW(08000000,7f20e4c72870 L"Shell_TrayWnd",00000000,80000000,7f2000000000,00000300,00000000,00000000,00000000,00000000,00000000,00000000) ret=7f20e4c6c8af
0023:Call KERNEL32.LZOpenFileW(0024e670 L"C:\\windows\\system32\\explorer.exe",0024e490,00000000) ret=7f20e6259f0c
0024:Call winex11.drv.SystemParametersInfo(00000029,00000000,0036f1d0,00000000) ret=7f20e4123039
0024:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call winex11.drv.SystemParametersInfo(00000029,00000000,0036ee80,00000000) ret=7f20e4123039
0024:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  KERNEL32.LZOpenFileW() retval=00000064 ret=7f20e6259f0c
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Call KERNEL32.LZSeek(00000064,00000000,00000000) ret=7f20e62594cb
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  KERNEL32.LZSeek() retval=00000000 ret=7f20e62594cb
0023:Call KERNEL32.LZRead(00000064,0024e3d0,00000040) ret=7f20e62594dd
0023:Ret  KERNEL32.LZRead() retval=00000040 ret=7f20e62594dd
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call KERNEL32.LZSeek(00000064,00000060,00000000) ret=7f20e625954c
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  KERNEL32.LZSeek() retval=00000060 ret=7f20e625954c
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call KERNEL32.LZRead(00000064,0024e415,00000002) ret=7f20e6259564
0023:Ret  KERNEL32.LZRead() retval=00000002 ret=7f20e6259564
0023:Call KERNEL32.LZSeek(00000064,00000060,00000000) ret=7f20e625957e
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  KERNEL32.LZSeek() retval=00000060 ret=7f20e625957e
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call KERNEL32.LZSeek(00000064,00000000,00000001) ret=7f20e6258cc3
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  KERNEL32.LZSeek() retval=00000060 ret=7f20e6258cc3
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Call KERNEL32.LZRead(00000064,0024e220,00000108) ret=7f20e6258cda
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  KERNEL32.LZRead() retval=00000108 ret=7f20e6258cda
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call ntdll.RtlAllocateHeap(00030000,00000000,00000078) ret=7f20e6258da8
0023:Ret  ntdll.RtlAllocateHeap() retval=000c4040 ret=7f20e6258da8
0023:Call KERNEL32.LZSeek(00000064,00000168,00000000) ret=7f20e6258dc8
0023:Ret  KERNEL32.LZSeek() retval=00000168 ret=7f20e6258dc8
0023:Call KERNEL32.LZRead(00000064,000c4040,00000078) ret=7f20e6258ddc
0024:Call winex11.drv.SystemParametersInfo(00000029,00000000,0036eb20,00000000) ret=7f20e4123039
0023:Ret  KERNEL32.LZRead() retval=00000078 ret=7f20e6258ddc
0024:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call ntdll.RtlAllocateHeap(00030000,00000000,00002000) ret=7f20e6258efa
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  ntdll.RtlAllocateHeap() retval=000c5ad0 ret=7f20e6258efa
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Call KERNEL32.LZSeek(00000064,00000600,00000000) ret=7f20e6258f27
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  KERNEL32.LZSeek() retval=00000600 ret=7f20e6258f27
0023:Call KERNEL32.LZRead(00000064,000c5ad0,00001464) ret=7f20e6258f3a
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  KERNEL32.LZRead() retval=00001464 ret=7f20e6258f3a
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call KERNEL32.GetUserDefaultLangID() ret=7f20e6259463
0023:Ret  KERNEL32.GetUserDefaultLangID() retval=00000409 ret=7f20e6259463
0023:Call KERNEL32.GetUserDefaultLangID() ret=7f20e6259290
0023:Ret  KERNEL32.GetUserDefaultLangID() retval=00000409 ret=7f20e6259290
0023:Call KERNEL32.GetUserDefaultLangID() ret=7f20e62592c0
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  KERNEL32.GetUserDefaultLangID() retval=00000409 ret=7f20e62592c0
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call KERNEL32.GetSystemDefaultLangID() ret=7f20e62592f0
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=7f20e62592f0
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call KERNEL32.GetSystemDefaultLangID() ret=7f20e6259339
0023:Ret  KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=7f20e6259339
0023:Call KERNEL32.GetSystemDefaultLangID() ret=7f20e625938c
0023:Ret  KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=7f20e625938c
0024:Call winex11.drv.SystemParametersInfo(00000029,00000000,0036eb20,00000000) ret=7f20e4123039
0024:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call ntdll.RtlFreeHeap(00030000,00000000,000c5ad0) ret=7f20e6258f62
0023:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f20e6258f62
0023:Call ntdll.RtlFreeHeap(00030000,00000000,000c4040) ret=7f20e6258f7b
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f20e6258f7b
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call KERNEL32.LZClose(00000064) ret=7f20e6259f36
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call winex11.drv.SystemParametersInfo(00000029,00000000,0036eb20,00000000) ret=7f20e4123039
0024:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  KERNEL32.LZClose() retval=00000000 ret=7f20e6259f36
0023:Call KERNEL32.LZOpenFileW(0024e670 L"C:\\windows\\system32\\explorer.exe",0024e470,00000000) ret=7f20e625a38f
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0036ecb0) ret=7f20e4122ef3
0024:Call winex11.drv.GetMonitorInfo(00000001,0036e9b0) ret=7f20e41227e9
0024:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0024:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0024:Call winex11.drv.SystemParametersInfo(00000029,00000000,0036ee80,00000000) ret=7f20e4123039
0024:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0036ecb0) ret=7f20e4122ef3
0023:Ret  KERNEL32.LZOpenFileW() retval=00000064 ret=7f20e625a38f
0024:Call winex11.drv.GetMonitorInfo(00000001,0036e9b0) ret=7f20e41227e9
0023:Call KERNEL32.LZSeek(00000064,00000000,00000000) ret=7f20e62594cb
0024:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0024:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  KERNEL32.LZSeek() retval=00000000 ret=7f20e62594cb
0023:Call KERNEL32.LZRead(00000064,0024e3a0,00000040) ret=7f20e62594dd
0024:Call winex11.drv.SystemParametersInfo(00000029,00000000,0036ee80,00000000) ret=7f20e4123039
0024:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Ret  KERNEL32.LZRead() retval=00000040 ret=7f20e62594dd
0023:Call KERNEL32.LZSeek(00000064,00000060,00000000) ret=7f20e625954c
0023:Ret  KERNEL32.LZSeek() retval=00000060 ret=7f20e625954c
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call KERNEL32.LZRead(00000064,0024e3e5,00000002) ret=7f20e6259564
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  KERNEL32.LZRead() retval=00000002 ret=7f20e6259564
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call KERNEL32.LZSeek(00000064,00000060,00000000) ret=7f20e625957e
0023:Ret  KERNEL32.LZSeek() retval=00000060 ret=7f20e625957e
0023:Call KERNEL32.LZSeek(00000064,00000000,00000001) ret=7f20e6258cc3
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  KERNEL32.LZSeek() retval=00000060 ret=7f20e6258cc3
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Call KERNEL32.LZRead(00000064,0024e1f0,00000108) ret=7f20e6258cda
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  KERNEL32.LZRead() retval=00000108 ret=7f20e6258cda
0023:Call ntdll.RtlAllocateHeap(00030000,00000000,00000078) ret=7f20e6258da8
0023:Ret  ntdll.RtlAllocateHeap() retval=000c4720 ret=7f20e6258da8
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call KERNEL32.LZSeek(00000064,00000168,00000000) ret=7f20e6258dc8
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  KERNEL32.LZSeek() retval=00000168 ret=7f20e6258dc8
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call KERNEL32.LZRead(00000064,000c4720,00000078) ret=7f20e6258ddc
0023:Ret  KERNEL32.LZRead() retval=00000078 ret=7f20e6258ddc
0024:Call window proc 0x7f20e3e56627 (hwnd=0x1002e,msg=WM_GETMINMAXINFO,wp=00000000,lp=0036f510)
0023:Call ntdll.RtlAllocateHeap(00030000,00000000,00002000) ret=7f20e6258efa
0024:Ret  window proc 0x7f20e3e56627 (hwnd=0x1002e,msg=WM_GETMINMAXINFO,wp=00000000,lp=0036f510) retval=00000000
0023:Ret  ntdll.RtlAllocateHeap() retval=000c5ad0 ret=7f20e6258efa
0023:Call KERNEL32.LZSeek(00000064,00000600,00000000) ret=7f20e6258f27
0024:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0036f120) ret=7f20e4122ef3
0023:Ret  KERNEL32.LZSeek() retval=00000600 ret=7f20e6258f27
0024:Call winex11.drv.GetMonitorInfo(00000001,0036ee20) ret=7f20e41227e9
0023:Call KERNEL32.LZRead(00000064,000c5ad0,00001464) ret=7f20e6258f3a
0024:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0024:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  KERNEL32.LZRead() retval=00001464 ret=7f20e6258f3a
0024:Call winex11.drv.GetMonitorInfo(00000001,0036f540) ret=7f20e41227e9
0023:Call KERNEL32.GetUserDefaultLangID() ret=7f20e6259463
0024:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  KERNEL32.GetUserDefaultLangID() retval=00000409 ret=7f20e6259463
0023:Call KERNEL32.GetUserDefaultLangID() ret=7f20e6259290
0024:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0036f010) ret=7f20e4122ef3
0023:Ret  KERNEL32.GetUserDefaultLangID() retval=00000409 ret=7f20e6259290
0024:Call winex11.drv.GetMonitorInfo(00000001,0036ed10) ret=7f20e41227e9
0023:Call KERNEL32.GetUserDefaultLangID() ret=7f20e62592c0
0024:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  KERNEL32.GetUserDefaultLangID() retval=00000409 ret=7f20e62592c0
0024:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call KERNEL32.GetSystemDefaultLangID() ret=7f20e62592f0
0023:Ret  KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=7f20e62592f0
0023:Call KERNEL32.GetSystemDefaultLangID() ret=7f20e6259339
0024:Call winex11.drv.WindowPosChanging(0001002e,00000000,00000014,0036f660,0036f660,0036f450,0036f448) ret=7f20e413e16b
0023:Ret  KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=7f20e6259339
0023:Call KERNEL32.GetSystemDefaultLangID() ret=7f20e625938c
0024:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0023:Ret  KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=7f20e625938c
0023:Call ntdll.RtlFreeHeap(00030000,00000000,000c5ad0) ret=7f20e6258f62
0023:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f20e6258f62
0023:Call ntdll.RtlFreeHeap(00030000,00000000,000c4720) ret=7f20e6258f7b
0023:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7f20e6258f7b
0023:Call KERNEL32.LZSeek(00000064,00001704,00000000) ret=7f20e625a629
0023:Ret  KERNEL32.LZSeek() retval=00001704 ret=7f20e625a629
0023:Call KERNEL32.LZRead(00000064,000c4040,00000360) ret=7f20e625a642
0023:Ret  KERNEL32.LZRead() retval=00000360 ret=7f20e625a642
0023:Call KERNEL32.LZClose(00000064) ret=7f20e625a64e
0023:Ret  KERNEL32.LZClose() retval=00000000 ret=7f20e625a64e
0024:Call winex11.drv.WindowPosChanged(0001002e,00000000,00000014,0036f660,0036f660,0036f450,00000000,00000000) ret=7f20e413e936
0024:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0024:Call window proc 0x7f20e3e56627 (hwnd=0x1002e,msg=WM_NCCREATE,wp=00000000,lp=0036f850)
0024:Ret  window proc 0x7f20e3e56627 (hwnd=0x1002e,msg=WM_NCCREATE,wp=00000000,lp=0036f850) retval=00000001
0024:Call window proc 0x7f20e3e56627 (hwnd=0x1002e,msg=WM_NCCALCSIZE,wp=00000000,lp=0036f680)
0024:Call winex11.drv.SystemParametersInfo(00000029,00000000,0036eb80,00000000) ret=7f20e4123039
0024:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Call winex11.drv.WindowPosChanging(00010032,00000000,00000014,0024ea10,0024ea10,0024e800,0024e7f8) ret=7f20e413e16b
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024d830) ret=7f20e4122ef3
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call winex11.drv.GetMonitorInfo(00000001,0024d530) ret=7f20e41227e9
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024dbe0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0024:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0024:Ret  window proc 0x7f20e3e56627 (hwnd=0x1002e,msg=WM_NCCALCSIZE,wp=00000000,lp=0036f680) retval=00000000
0024:Call winex11.drv.WindowPosChanging(0001002e,00000000,00000010,0036f660,0036f680,0036f450,0036f448) ret=7f20e413e16b
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e130) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024de30) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e4e0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0024:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0023:Call winex11.drv.WindowPosChanged(00010032,00000000,0000003c,0024ea10,0024ea10,0024e800,00000000,7f20e427ac80) ret=7f20e413e936
0024:Call winex11.drv.WindowPosChanged(0001002e,00000000,00000010,0036f660,0036f680,0036f450,00000000,00000000) ret=7f20e413e936
0023:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0023:Call window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_NCCREATE,wp=00000000,lp=0024ec00)
0024:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0023:Call user32.DefWindowProcW(00010032,00000081,00000000,0024ec00) ret=7f20e4c6b8ef
0024:Call window proc 0x7f20e3e56627 (hwnd=0x1002e,msg=WM_CREATE,wp=00000000,lp=0036f850)
0023:Call winex11.drv.SetWindowText(00010032,000c1f60 L"") ret=7f20e40c56b2
0023:Ret  winex11.drv.SetWindowText() retval=00000000 ret=7f20e40c56b2
0023:Ret  user32.DefWindowProcW() retval=00000001 ret=7f20e4c6b8ef
0023:Ret  window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_NCCREATE,wp=00000000,lp=0024ec00) retval=00000001
0023:Call imm32.__wine_register_window(00010032) ret=7f20e4138fcc
0023:Call user32.GetClassNameW(00010032,0024e800,00000008) ret=7f20e3ee8890
0023:Ret  user32.GetClassNameW() retval=00000007 ret=7f20e3ee8890
0023:Call user32.GetClassLongPtrW(00010032,ffffffe6) ret=7f20e3ee893f
0023:Ret  user32.GetClassLongPtrW() retval=0000000a ret=7f20e3ee893f
0023:Call user32.GetWindowThreadProcessId(00010032,0024e774) ret=7f20e3ee7953
0023:Ret  user32.GetWindowThreadProcessId() retval=00000023 ret=7f20e3ee7953
0023:Call ntdll.RtlAllocateHeap(00030000,00000008,00000030) ret=7f20e3ee79bf
0023:Ret  ntdll.RtlAllocateHeap() retval=000c4290 ret=7f20e3ee79bf
0023:Call user32.CreateWindowExW(00000000,7f20e3ef32a8 L"IME",7f20e3ef3290 L"Default IME",8c000000,00000000,00000000,00000001,00000001,00000000,00000000,00000000,00000000) ret=7f20e3ee8a9e
0024:Ret  window proc 0x7f20e3e56627 (hwnd=0x1002e,msg=WM_CREATE,wp=00000000,lp=0036f850) retval=00000000
0024:Call winex11.drv.CreateWindow(0001002e) ret=7f20e41390c4
0024:Ret  winex11.drv.CreateWindow() retval=00000001 ret=7f20e41390c4
0023:Call winex11.drv.WindowPosChanging(00010034,00000000,00000014,0024e3e0,0024e3e0,0024e1d0,0024e1c8) ret=7f20e413e16b
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024d200) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024cf00) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024d5b0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024db00) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024d800) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024deb0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0023:Call winex11.drv.WindowPosChanged(00010034,00000000,00000014,0024e3e0,0024e3e0,0024e1d0,00000000,00000000) ret=7f20e413e936
0023:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0023:Call window proc 0x7f20e410b02d (hwnd=0x10034,msg=WM_NCCREATE,wp=00000000,lp=0024e5d0)
0023:Call winex11.drv.SetWindowText(00010034,000c4790 L"Default IME") ret=7f20e40c56b2
0023:Ret  winex11.drv.SetWindowText() retval=00000000 ret=7f20e40c56b2
0023:Ret  window proc 0x7f20e410b02d (hwnd=0x10034,msg=WM_NCCREATE,wp=00000000,lp=0024e5d0) retval=00000001
0023:Call imm32.__wine_register_window(00010034) ret=7f20e4138fcc
0023:Call user32.GetClassNameW(00010034,0024e1d0,00000008) ret=7f20e3ee8890
0023:Ret  user32.GetClassNameW() retval=00000003 ret=7f20e3ee8890
0023:Ret  imm32.__wine_register_window() retval=00000000 ret=7f20e4138fcc
0023:Call window proc 0x7f20e410b02d (hwnd=0x10034,msg=WM_NCCALCSIZE,wp=00000000,lp=0024e400)
0023:Call winex11.drv.SystemParametersInfo(00000029,00000000,0024d930,00000000) ret=7f20e4123039
0023:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  window proc 0x7f20e410b02d (hwnd=0x10034,msg=WM_NCCALCSIZE,wp=00000000,lp=0024e400) retval=00000000
0023:Call winex11.drv.WindowPosChanging(00010034,00000000,00000010,0024e3e0,0024e400,0024e1d0,0024e1c8) ret=7f20e413e16b
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024db00) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024d800) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024deb0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0023:Call winex11.drv.WindowPosChanged(00010034,00000000,00000010,0024e3e0,0024e400,0024e1d0,00000000,00000000) ret=7f20e413e936
0023:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0023:Call window proc 0x7f20e410b02d (hwnd=0x10034,msg=WM_CREATE,wp=00000000,lp=0024e5d0)
0023:Ret  window proc 0x7f20e410b02d (hwnd=0x10034,msg=WM_CREATE,wp=00000000,lp=0024e5d0) retval=00000001
0023:Call winex11.drv.CreateWindow(00010034) ret=7f20e41390c4
0023:Ret  winex11.drv.CreateWindow() retval=00000001 ret=7f20e41390c4
0023:Call window proc 0x7f20e410b02d (hwnd=0x10034,msg=WM_SIZE,wp=00000000,lp=00010001)
0023:Ret  window proc 0x7f20e410b02d (hwnd=0x10034,msg=WM_SIZE,wp=00000000,lp=00010001) retval=00000000
0023:Call window proc 0x7f20e410b02d (hwnd=0x10034,msg=WM_MOVE,wp=00000000,lp=00000000)
0023:Ret  window proc 0x7f20e410b02d (hwnd=0x10034,msg=WM_MOVE,wp=00000000,lp=00000000) retval=00000000
0023:Ret  user32.CreateWindowExW() retval=00010034 ret=7f20e3ee8a9e
0023:Ret  imm32.__wine_register_window() retval=00000001 ret=7f20e4138fcc
0023:Call window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_NCCALCSIZE,wp=00000000,lp=0024ea30)
0023:Call user32.DefWindowProcW(00010032,00000083,00000000,0024ea30) ret=7f20e4c6b8ef
0023:Call winex11.drv.SystemParametersInfo(00000029,00000000,0024da50,00000000) ret=7f20e4123039
0023:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  user32.DefWindowProcW() retval=00000100 ret=7f20e4c6b8ef
0023:Ret  window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_NCCALCSIZE,wp=00000000,lp=0024ea30) retval=00000100
0023:Call winex11.drv.WindowPosChanging(00010032,00000000,00000010,0024ea10,0024ea30,0024e800,0024e7f8) ret=7f20e413e16b
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e130) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024de30) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e4e0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0023:Call winex11.drv.WindowPosChanged(00010032,00000000,00000018,0024ea10,0024ea30,0024e800,00000000,7f20e427ac80) ret=7f20e413e936
0023:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0023:Call window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_CREATE,wp=00000000,lp=0024ec00)
0023:Call user32.DefWindowProcW(00010032,00000001,00000000,0024ec00) ret=7f20e4c6b8ef
0023:Ret  user32.DefWindowProcW() retval=00000000 ret=7f20e4c6b8ef
0023:Ret  window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_CREATE,wp=00000000,lp=0024ec00) retval=00000000
0023:Call winex11.drv.CreateWindow(00010032) ret=7f20e41390c4
0023:Ret  winex11.drv.CreateWindow() retval=00000001 ret=7f20e41390c4
0023:Call window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_SIZE,wp=00000000,lp=00000000)
0023:Call user32.DefWindowProcW(00010032,00000005,00000000,00000000) ret=7f20e4c6b8ef
0023:Ret  user32.DefWindowProcW() retval=00000000 ret=7f20e4c6b8ef
0023:Ret  window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_SIZE,wp=00000000,lp=00000000) retval=00000000
0023:Call window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_MOVE,wp=00000000,lp=03000000)
0023:Call user32.DefWindowProcW(00010032,00000003,00000000,03000000) ret=7f20e4c6b8ef
0023:Ret  user32.DefWindowProcW() retval=00000000 ret=7f20e4c6b8ef
0023:Ret  window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_MOVE,wp=00000000,lp=03000000) retval=00000000
0023:Ret  user32.CreateWindowExW() retval=00010032 ret=7f20e4c6c8af
0023:Call user32.LoadStringW(00000000,00000003,7f20e4c7c2a0,00000032) ret=7f20e4c6c8d4
0023:Ret  user32.LoadStringW() retval=00000005 ret=7f20e4c6c8d4
0023:Call user32.GetSystemMetrics(0000004d) ret=7f20e4c6a7dd
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e860) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e560) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000000 ret=7f20e4c6a7dd
0023:Call user32.GetSystemMetrics(0000004f) ret=7f20e4c6a7e9
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e860) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e560) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000300 ret=7f20e4c6a7e9
0023:Call user32.GetSystemMetrics(0000004c) ret=7f20e4c6a7f5
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e860) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e560) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000000 ret=7f20e4c6a7f5
0023:Call user32.GetSystemMetrics(0000004e) ret=7f20e4c6a801
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e860) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e560) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Ret  user32.GetSystemMetrics() retval=00000556 ret=7f20e4c6a801
0023:Call user32.SetWindowPos(00010032,00000000,00000556,00000300,00000000,7f2000000000,00000015) ret=7f20e4c6a82f
0023:Call window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0024ebd0)
0023:Call user32.DefWindowProcW(00010032,00000046,00000000,0024ebd0) ret=7f20e4c6b8ef
0023:Ret  user32.DefWindowProcW() retval=00000000 ret=7f20e4c6b8ef
0023:Ret  window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0024ebd0) retval=00000000
0023:Call winex11.drv.WindowPosChanging(00010032,00000000,0000081d,0024eab0,0024eac0,0024e8b0,0024e8a8) ret=7f20e413e16b
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024e1e0) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024dee0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e590) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0023:Call winex11.drv.WindowPosChanged(00010032,00000000,0000081d,0024eab0,0024eac0,0024e8b0,00000000,7f20e427ac80) ret=7f20e413e936
0023:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0023:Call window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_WINDOWPOSCHANGED,wp=00000000,lp=0024ebd0)
0023:Call user32.DefWindowProcW(00010032,00000047,00000000,0024ebd0) ret=7f20e4c6b8ef
0023:Call window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_MOVE,wp=00000000,lp=03000556)
0023:Call user32.DefWindowProcW(00010032,00000003,00000000,03000556) ret=7f20e4c6b8ef
0023:Ret  user32.DefWindowProcW() retval=00000000 ret=7f20e4c6b8ef
0023:Ret  window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_MOVE,wp=00000000,lp=03000556) retval=00000000
0023:Ret  user32.DefWindowProcW() retval=00000000 ret=7f20e4c6b8ef
0023:Ret  window proc 0x7f20e4c6b82b (hwnd=0x10032,msg=WM_WINDOWPOSCHANGED,wp=00000000,lp=0024ebd0) retval=00000000
0023:Ret  user32.SetWindowPos() retval=00000001 ret=7f20e4c6a82f
0023:Call KERNEL32.LoadLibraryA(7f20e4c6d527 "shell32.dll") ret=7f20e4c6740b
0024:Call winex11.drv.UpdateClipboard() ret=7f20e40acac5
0024:Ret  winex11.drv.UpdateClipboard() retval=00000000 ret=7f20e40acac5
0024:Call window proc 0x7f20e3e56627 (hwnd=0x1002e,msg=WM_CLIPBOARDUPDATE,wp=00000000,lp=00000000)
0024:Ret  window proc 0x7f20e3e56627 (hwnd=0x1002e,msg=WM_CLIPBOARDUPDATE,wp=00000000,lp=00000000) retval=00000000
0024:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0036f870,ffffffff,000004ff,00000000) ret=7f20e4143d55
000b:Call PE DLL (proc=0x7f7662974cca,module=0x7f7662920000 L"winex11.drv",reason=PROCESS_ATTACH,res=(nil))
000b:Ret  PE DLL (proc=0x7f7662974cca,module=0x7f7662920000 L"winex11.drv",reason=PROCESS_ATTACH,res=(nil)) retval=1
000b:Call winex11.drv.wine_get_gdi_driver(00000030) ret=7f766383c30a
000b:Ret  winex11.drv.wine_get_gdi_driver() retval=7f766299cd00 ret=7f766383c30a
000b:Call user32.GetDpiForSystem() ret=7f766386a9b1
000b:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f766386a9b1
0023:Call PE DLL (proc=0x7f20e079155c,module=0x7f20e06a0000 L"ole32.dll",reason=PROCESS_ATTACH,res=(nil))
0023:Ret  PE DLL (proc=0x7f20e079155c,module=0x7f20e06a0000 L"ole32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0023:Call PE DLL (proc=0x7f20e082d3f1,module=0x7f20e0820000 L"shcore.dll",reason=PROCESS_ATTACH,res=(nil))
0023:Call KERNEL32.DisableThreadLibraryCalls(7f20e0820000) ret=7f20e082697b
0023:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f20e082697b
0023:Call KERNEL32.TlsAlloc() ret=7f20e0826980
0023:Ret  KERNEL32.TlsAlloc() retval=00000002 ret=7f20e0826980
0023:Ret  PE DLL (proc=0x7f20e082d3f1,module=0x7f20e0820000 L"shcore.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0023:Call PE DLL (proc=0x7f20e088d85b,module=0x7f20e0850000 L"shlwapi.dll",reason=PROCESS_ATTACH,res=(nil))
0023:Call KERNEL32.DisableThreadLibraryCalls(7f20e0850000) ret=7f20e087d010
0023:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f20e087d010
0023:Ret  PE DLL (proc=0x7f20e088d85b,module=0x7f20e0850000 L"shlwapi.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0023:Call PE DLL (proc=0x7f20e05192aa,module=0x7f20e04f0000 L"usp10.dll",reason=PROCESS_ATTACH,res=(nil))
0023:Call KERNEL32.DisableThreadLibraryCalls(7f20e04f0000) ret=7f20e05193e2
0023:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f20e05193e2
0023:Ret  PE DLL (proc=0x7f20e05192aa,module=0x7f20e04f0000 L"usp10.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0023:Call PE DLL (proc=0x7f20e05f1d87,module=0x7f20e0540000 L"comctl32.dll",reason=PROCESS_ATTACH,res=(nil))
0023:Call KERNEL32.DisableThreadLibraryCalls(7f20e0540000) ret=7f20e055d905
0023:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f20e055d905
0023:Call KERNEL32.GlobalAddAtomW(7f20e05f4c40 L"CC32SubclassInfo") ret=7f20e055d918
0023:Ret  KERNEL32.GlobalAddAtomW() retval=0000c008 ret=7f20e055d918
0023:Call gdi32.CreateBitmap(00000008,00000008,00000001,00000001,7f20e05f4c70) ret=7f20e055d974
0023:Ret  gdi32.CreateBitmap() retval=00450039 ret=7f20e055d974
0023:Call gdi32.CreatePatternBrush(00450039) ret=7f20e055d983
0023:Ret  gdi32.CreatePatternBrush() retval=0002004c ret=7f20e055d983
0023:Call user32.GetSysColor(00000014) ret=7f20e055d773
0023:Ret  user32.GetSysColor() retval=00ffffff ret=7f20e055d773
0023:Call user32.GetSysColor(00000010) ret=7f20e055d783
0023:Ret  user32.GetSysColor() retval=00808080 ret=7f20e055d783
0023:Call user32.GetSysColor(00000012) ret=7f20e055d793
0023:Ret  user32.GetSysColor() retval=00000000 ret=7f20e055d793
0023:Call user32.GetSysColor(0000000f) ret=7f20e055d7a3
0023:Ret  user32.GetSysColor() retval=00c8d0d4 ret=7f20e055d7a3
0023:Call user32.GetSysColor(0000000d) ret=7f20e055d7b3
0023:Ret  user32.GetSysColor() retval=006a240a ret=7f20e055d7b3
0023:Call user32.GetSysColor(0000000e) ret=7f20e055d7c3
0023:Ret  user32.GetSysColor() retval=00ffffff ret=7f20e055d7c3
0023:Call user32.GetSysColor(0000001a) ret=7f20e055d7d3
0023:Ret  user32.GetSysColor() retval=00c80000 ret=7f20e055d7d3
0023:Call user32.GetSysColor(00000014) ret=7f20e055d7e3
0023:Ret  user32.GetSysColor() retval=00ffffff ret=7f20e055d7e3
0023:Call user32.GetSysColor(00000010) ret=7f20e055d7f3
0023:Ret  user32.GetSysColor() retval=00808080 ret=7f20e055d7f3
0023:Call user32.GetSysColor(00000015) ret=7f20e055d803
0023:Ret  user32.GetSysColor() retval=00404040 ret=7f20e055d803
0023:Call user32.GetSysColor(0000000f) ret=7f20e055d813
0023:Ret  user32.GetSysColor() retval=00c8d0d4 ret=7f20e055d813
0023:Call user32.GetSysColor(00000005) ret=7f20e055d823
0023:Ret  user32.GetSysColor() retval=00ffffff ret=7f20e055d823
0023:Call user32.GetSysColor(00000008) ret=7f20e055d833
0023:Ret  user32.GetSysColor() retval=00000000 ret=7f20e055d833
0023:Call user32.GetSysColor(00000011) ret=7f20e055d843
0023:Ret  user32.GetSysColor() retval=00808080 ret=7f20e055d843
0023:Call user32.GetSysColor(00000002) ret=7f20e055d853
0023:Ret  user32.GetSysColor() retval=006a240a ret=7f20e055d853
0023:Call user32.GetSysColor(00000018) ret=7f20e055d863
0023:Ret  user32.GetSysColor() retval=00e1ffff ret=7f20e055d863
0023:Call user32.GetSysColor(00000017) ret=7f20e055d873
0023:Ret  user32.GetSysColor() retval=00000000 ret=7f20e055d873
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e054c6bf
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e054c6bf
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e054c719
0023:Ret  user32.RegisterClassW() retval=0000c01f ret=7f20e054c719
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e0559193
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e0559193
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e05591ed
0023:Ret  user32.RegisterClassW() retval=0000c020 ret=7f20e05591ed
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e0561aad
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e0561aad
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e0561b1a
0023:Ret  user32.RegisterClassW() retval=0000c021 ret=7f20e0561b1a
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e056f40b
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e056f40b
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e056f470
0023:Ret  user32.RegisterClassW() retval=0000c022 ret=7f20e056f470
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e0573e6d
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e0573e6d
0023:Call user32.RegisterClassW(0024e500) ret=7f20e0573eb4
0023:Ret  user32.RegisterClassW() retval=0000c023 ret=7f20e0573eb4
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e0574ea7
0023:Ret  user32.RegisterClassW() retval=0000c024 ret=7f20e0574ea7
0023:Call user32.LoadCursorW(00000000,00007f01) ret=7f20e057fd88
0023:Ret  user32.LoadCursorW() retval=00010024 ret=7f20e057fd88
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e057fded
0023:Ret  user32.RegisterClassW() retval=0000c025 ret=7f20e057fded
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e059ec8a
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e059ec8a
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e059ece5
0023:Ret  user32.RegisterClassW() retval=0000c026 ret=7f20e059ece5
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e05a6431
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e05a6431
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e05a648c
0023:Ret  user32.RegisterClassW() retval=0000c027 ret=7f20e05a648c
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e05a6796
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e05a6796
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e05a67f1
0023:Ret  user32.RegisterClassW() retval=0000c028 ret=7f20e05a67f1
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e05a98f8
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e05a98f8
0023:Call user32.RegisterClassW(0024e500) ret=7f20e05a9940
0023:Ret  user32.RegisterClassW() retval=0000c029 ret=7f20e05a9940
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e05aaf0a
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e05aaf0a
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e05aaf6e
0023:Ret  user32.RegisterClassW() retval=0000c02a ret=7f20e05aaf6e
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e05b9d83
0023:Ret  user32.RegisterClassW() retval=0000c02b ret=7f20e05b9d83
0023:Call user32.GetSystemMetrics(00000044) ret=7f20e05b9d8d
0023:Ret  user32.GetSystemMetrics() retval=00000004 ret=7f20e05b9d8d
0023:Call user32.GetSystemMetrics(00000045) ret=7f20e05b9d9d
0023:Ret  user32.GetSystemMetrics() retval=00000004 ret=7f20e05b9d9d
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e05be1e6
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e05be1e6
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e05be25d
0023:Ret  user32.RegisterClassW() retval=0000c02c ret=7f20e05be25d
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e05c3185
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e05c3185
0023:Call user32.RegisterClassW(0024e500) ret=7f20e05c31ba
0023:Ret  user32.RegisterClassW() retval=0000c02d ret=7f20e05c31ba
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e05c8f75
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e05c8f75
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e05c8fd7
0023:Ret  user32.RegisterClassW() retval=0000c02e ret=7f20e05c8fd7
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e05dc4da
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e05dc4da
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e05dc53c
0023:Ret  user32.RegisterClassW() retval=0000c02f ret=7f20e05dc53c
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e05e0958
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e05e0958
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e05e09cd
0023:Ret  user32.RegisterClassW() retval=0000c030 ret=7f20e05e09cd
0023:Call user32.LoadImageW(7f20e0540000,00000016,00000001,00000000,00000000,00000000) ret=7f20e05e0a02
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  user32.LoadImageW() retval=00010036 ret=7f20e05e0a02
0023:Call user32.LoadImageW(7f20e0540000,00000019,00000001,00000000,00000000,00000000) ret=7f20e05e0a33
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  user32.LoadImageW() retval=00010038 ret=7f20e05e0a33
0023:Call user32.LoadImageW(7f20e0540000,0000001c,00000001,00000000,00000000,00000000) ret=7f20e05e0a64
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Ret  user32.LoadImageW() retval=0001003a ret=7f20e05e0a64
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e05e451f
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e05e451f
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e05e458c
0023:Ret  user32.RegisterClassW() retval=0000c031 ret=7f20e05e458c
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e05ef940
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e05ef940
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e05ef99b
0023:Ret  user32.RegisterClassW() retval=0000c032 ret=7f20e05ef99b
0023:Call user32.LoadCursorW(00000000,00007f00) ret=7f20e05f1c0b
0023:Ret  user32.LoadCursorW() retval=00010022 ret=7f20e05f1c0b
0023:Call user32.RegisterClassW(0024e4f0) ret=7f20e05f1c6d
0023:Ret  user32.RegisterClassW() retval=0000c033 ret=7f20e05f1c6d
0023:Call KERNEL32.LoadLibraryA(7f20e0626b6a "uxtheme.dll") ret=7f20e05f1d65
0023:Call PE DLL (proc=0x7f20e04c98ba,module=0x7f20e04b0000 L"uxtheme.dll",reason=PROCESS_ATTACH,res=(nil))
0023:Call KERNEL32.DisableThreadLibraryCalls(7f20e04b0000) ret=7f20e04c0d74
0023:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f20e04c0d74
0023:Call KERNEL32.GlobalAddAtomW(7f20e04da710 L"ux_theme") ret=7f20e04c66b6
0023:Ret  KERNEL32.GlobalAddAtomW() retval=0000c034 ret=7f20e04c66b6
0023:Call KERNEL32.GlobalAddAtomW(7f20e04da6f0 L"ux_subapp") ret=7f20e04c66c9
0023:Ret  KERNEL32.GlobalAddAtomW() retval=0000c035 ret=7f20e04c66c9
0023:Call KERNEL32.GlobalAddAtomW(7f20e04da6d0 L"ux_subidlst") ret=7f20e04c66dc
0023:Ret  KERNEL32.GlobalAddAtomW() retval=0000c036 ret=7f20e04c66dc
0023:Call KERNEL32.GlobalAddAtomW(7f20e04da6b0 L"ux_dialogtheme") ret=7f20e04c66ef
0023:Ret  KERNEL32.GlobalAddAtomW() retval=0000c037 ret=7f20e04c66ef
0023:Call advapi32.RegOpenKeyW(ffffffff80000001,7f20e04da8a0 L"Software\\Microsoft\\Windows\\CurrentVersion\\ThemeManager",0024db20) ret=7f20e04c670e
0023:Ret  advapi32.RegOpenKeyW() retval=00000002 ret=7f20e04c670e
0023:Ret  PE DLL (proc=0x7f20e04c98ba,module=0x7f20e04b0000 L"uxtheme.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0023:Ret  KERNEL32.LoadLibraryA() retval=7f20e04b0000 ret=7f20e05f1d65
0023:Call KERNEL32.GetProcAddress(7f20e04b0000,7f20e0626cc6 "IsThemeActive") ret=7f20e05f1d46
0023:Ret  KERNEL32.GetProcAddress() retval=7f20e04b30d4 ret=7f20e05f1d46
0023:Call uxtheme.IsThemeActive() ret=7f20e05ce74c
0023:Call advapi32.RegOpenKeyExW(ffffffff80000001,7f20e04cc430 L"Software\\Wine",00000000,00020019,0024e348) ret=7f20e04c02a9
0023:Ret  advapi32.RegOpenKeyExW() retval=00000000 ret=7f20e04c02a9
0023:Call advapi32.RegQueryValueExW(00000068,7f20e04cc410 L"ThemeEngine",00000000,00000000,0024e350,0024e344) ret=7f20e04c02f1
0023:Ret  advapi32.RegQueryValueExW() retval=00000002 ret=7f20e04c02f1
0023:Call advapi32.RegCloseKey(00000068) ret=7f20e04c02fd
0023:Ret  advapi32.RegCloseKey() retval=00000000 ret=7f20e04c02fd
0023:Ret  uxtheme.IsThemeActive() retval=00000000 ret=7f20e05ce74c
0023:Ret  PE DLL (proc=0x7f20e05f1d87,module=0x7f20e0540000 L"comctl32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0023:Call PE DLL (proc=0x7f20e1926b85,module=0x7f20e1920000 L"aclui.dll",reason=PROCESS_ATTACH,res=(nil))
0023:Call KERNEL32.DisableThreadLibraryCalls(7f20e1920000) ret=7f20e1926798
0023:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f20e1926798
0023:Ret  PE DLL (proc=0x7f20e1926b85,module=0x7f20e1920000 L"aclui.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0023:Call PE DLL (proc=0x7f20e0989415,module=0x7f20e08e0000 L"shell32.dll",reason=PROCESS_ATTACH,res=(nil))
0023:Call KERNEL32.DisableThreadLibraryCalls(7f20e08e0000) ret=7f20e0917580
0023:Ret  KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f20e0917580
0023:Call KERNEL32.GetModuleFileNameW(7f20e08e0000,7f20e12d4200,00000104) ret=7f20e0917595
0023:Ret  KERNEL32.GetModuleFileNameW() retval=0000001f ret=7f20e0917595
0023:Ret  PE DLL (proc=0x7f20e0989415,module=0x7f20e08e0000 L"shell32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0023:Ret  KERNEL32.LoadLibraryA() retval=7f20e08e0000 ret=7f20e4c6740b
0023:Call KERNEL32.GetProcAddress(7f20e08e0000,000000bc) ret=7f20e4c67421
0023:Ret  KERNEL32.GetProcAddress() retval=7f20e08e4b2c ret=7f20e4c67421
0023:Call shell32.188(00000001) ret=7f20e4c67434
0023:Call user32.DdeInitializeW(7f20e12d40a0,7f20e08fb354,00014000,00000000) ret=7f20e08fc536
0023:Call winex11.drv.WindowPosChanging(0001003c,00000000,00000014,0024e820,0024e820,0024e610,0024e608) ret=7f20e413e16b
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024d640) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024d340) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024d9f0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f20e41215c1,0024df40) ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024dc40) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f20e4122ef3
0023:Call winex11.drv.GetMonitorInfo(00000001,0024e2f0) ret=7f20e41227e9
0023:Ret  winex11.drv.GetMonitorInfo() retval=00000001 ret=7f20e41227e9
0023:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7f20e413e16b
0023:Call winex11.drv.WindowPosChanged(0001003c,00000000,0000003c,0024e820,0024e820,0024e610,00000000,7f20e427ac80) ret=7f20e413e936
0023:Ret  winex11.drv.WindowPosChanged() retval=00000000 ret=7f20e413e936
0023:Call window proc 0x7f20e40bfb54 (hwnd=0x1003c,msg=WM_NCCREATE,wp=00000000,lp=0024ea10)
0023:Call winex11.drv.SetWindowText(0001003c,000d6510 L"") ret=7f20e40c56b2
0023:Ret  winex11.drv.SetWindowText() retval=00000000 ret=7f20e40c56b2
0023:Ret  window proc 0x7f20e40bfb54 (hwnd=0x1003c,msg=WM_NCCREATE,wp=00000000,lp=0024ea10) retval=00000001
0023:Call imm32.__wine_register_window(0001003c) ret=7f20e4138fcc
0023:Call user32.GetClassNameW(0001003c,0024e610,00000008) ret=7f20e3ee8890
0023:Ret  user32.GetClassNameW() retval=00000007 ret=7f20e3ee8890
0023:Call user32.GetClassLongPtrW(0001003c,ffffffe6) ret=7f20e3ee893f
0023:Ret  user32.GetClassLongPtrW() retval=00000000 ret=7f20e3ee893f
0023:Call user32.GetWindowThreadProcessId(0001003c,0024e584) ret=7f20e3ee7953
0023:Ret  user32.GetWindowThreadProcessId() retval=00000023 ret=7f20e3ee7953
0023:Ret  imm32.__wine_register_window() retval=00000001 ret=7f20e4138fcc
0023:Call window proc 0x7f20e40bfb54 (hwnd=0x1003c,msg=WM_NCCALCSIZE,wp=00000000,lp=0024e840)
0023:Call winex11.drv.SystemParametersInfo(00000029,00000000,0024dd70,00000000) ret=7f20e4123039
0023:Ret  winex11.drv.SystemParametersInfo() retval=00000000 ret=7f20e4123039
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f949b1
0023:Ret  user32.GetDpiForSystem() retval=00000060 ret=7f20e3f949b1
0023:Call user32.GetDpiForSystem() ret=7f20e3f

sca.log version 50