Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error on 11.0.0.55933 #1

Open
luodaoyi opened this issue Jul 31, 2024 · 3 comments
Open

Error on 11.0.0.55933 #1

luodaoyi opened this issue Jul 31, 2024 · 3 comments

Comments

@luodaoyi
Copy link 

World of Warcraft\_retail_> .\memdump.exe .\Wow.exe
[04:09:07.000807]: Started Wow.exe [0x6464]
[04:09:07.000808]: Allocated remote buffer at 0x7ff6d1610000
[04:09:07.000812]: Process base: 0x7ff676df0000
[04:09:07.000812]: TLS callbacks: 0x7ff676df3fb0
[04:09:07.000812]: Start Hooks!
[04:09:07.000812]: NtCreateSection hooked
[04:09:07.000812]: NtMapViewOfSection hooked
[04:09:07.000812]: Hooks setup!
[04:09:07.000812]: Fixing TLS callbacks!
[04:09:07.000812]: Executing TLS Callback 1: 0x7ff676df3fb0
[04:09:07.000812]: Executing TLS Callback 2: 0x7ff676df8ef0
[04:09:07.000837]: NtCreateSection - Set SectionPageProtection to PAGE_EXECUTE_READWRITE
[04:09:07.000837]: NtCreateSection - Page Protection: 0x40 - Allocation Attributes: 0x8400000
[04:09:07.000837]: NtCreateSection - Removed SEC_NO_CHANGE from call
[04:09:07.000910]: NtMapViewOfSection: Called on base 0x7ff676df0000 with 0x20 (50f0000 bytes)
[04:09:07.000910]: NtMapViewOfSection: Set to PAGE_EXECUTE_WRITECOPY as section is SEC_COMMIT (SEC_IMAGE: false)
[04:09:07.000910]: NtMapViewOfSection: Called on base 0x7ff67bee0000 with 0x4 (1fa0000 bytes)
[04:09:07.000910]: NtMapViewOfSection: Called on base 0x7ff67de80000 with 0x2 (0 bytes)
[04:09:08.000254]: Executing TLS Callback 3: 0x7ff6770e79b0
[04:09:08.000259]: Executing TLS Callback 4: 0x7ff6770a5830
[04:09:08.000259]: Executing TLS Callback 5: 0x7ff6770a56f0
[04:09:08.000259]: TLS callbacks fixed!
[04:09:08.000259]: Fixing PE headers!
[04:09:08.000259]: PE headers fixed!
[04:09:08.000259]: Realigning sections!
[04:09:08.000276]: Sections realigned!
[04:09:08.000276]: New section .import added. Virtual Address: 0x734b000
[04:09:08.000277]: 0x007ff67a85a000 -> ADVAPI32.dll!RegCloseKey (ord: 1607 hint: 25E)
[04:09:08.000277]: 0x007ff67a85a008 -> ADVAPI32.dll!RegCreateKeyExA (ord: 1615 hint: 266)
[04:09:08.000277]: 0x007ff67a85a010 -> ADVAPI32.dll!RegCreateKeyExW (ord: 1616 hint: 267)
[04:09:08.000277]: 0x007ff67a85a018 -> ADVAPI32.dll!RegDeleteKeyExA (ord: 1621 hint: 26C)
[04:09:08.000277]: 0x007ff67a85a020 -> ADVAPI32.dll!RegDeleteValueA (ord: 1630 hint: 275)
[04:09:08.000277]: 0x007ff67a85a028 -> ADVAPI32.dll!RegEnumKeyExA (ord: 1637 hint: 27C)
[04:09:08.000277]: 0x007ff67a85a030 -> ADVAPI32.dll!RegEnumValueA (ord: 1640 hint: 27F)
[04:09:08.000277]: 0x007ff67a85a038 -> ADVAPI32.dll!RegFlushKey (ord: 1642 hint: 281)
[04:09:08.000277]: 0x007ff67a85a040 -> ADVAPI32.dll!RegOpenKeyExA (ord: 1655 hint: 28E)
[04:09:08.000277]: 0x007ff67a85a048 -> ADVAPI32.dll!RegOpenKeyExW (ord: 1656 hint: 28F)
[04:09:08.000277]: 0x007ff67a85a050 -> ADVAPI32.dll!RegQueryInfoKeyA (ord: 1662 hint: 295)
[04:09:08.000277]: 0x007ff67a85a058 -> ADVAPI32.dll!RegQueryValueExA (ord: 1668 hint: 29B)
[04:09:08.000277]: 0x007ff67a85a060 -> ADVAPI32.dll!RegQueryValueExW (ord: 1669 hint: 29C)
[04:09:08.000277]: 0x007ff67a85a068 -> ADVAPI32.dll!RegSetValueExA (ord: 1684 hint: 2AB)
[04:09:08.000277]: 0x007ff67a85a070 -> ADVAPI32.dll!RegSetValueExW (ord: 1685 hint: 2AC)
[04:09:08.000277]: 0x007ff67a85a078 -> ADVAPI32.dll!RegQueryMultipleValuesW (ord: 1665 hint: 298)
[04:09:08.000277]: 0x007ff67a85a080 -> ADVAPI32.dll!RegGetValueW (ord: 1645 hint: 284)
[04:09:08.000277]: 0x007ff67a85a088 -> ADVAPI32.dll!GetUserNameW (ord: 1381 hint: 17B)
[04:09:08.000277]: 0x007ff67a85a090 -> ADVAPI32.dll!EventWriteTransfer (ord: 1299 hint: 129) [forwarded]
[04:09:08.000277]: 0x007ff67a85a098 -> ADVAPI32.dll!EventUnregister (ord: 1293 hint: 123) [forwarded]
[04:09:08.000277]: 0x007ff67a85a0a0 -> ADVAPI32.dll!EventRegister (ord: 1291 hint: 121) [forwarded]
[04:09:08.000277]: 0x007ff67a85a0a8 -> ADVAPI32.dll!CryptEncrypt (ord: 1205 hint: CB)
[04:09:08.000277]: 0x007ff67a85a0b0 -> ADVAPI32.dll!CryptImportKey (ord: 1221 hint: DB)
[04:09:08.000277]: 0x007ff67a85a0b8 -> ADVAPI32.dll!CryptDestroyKey (ord: 1202 hint: C8)
[04:09:08.000277]: 0x007ff67a85a0c0 -> ADVAPI32.dll!CryptDestroyHash (ord: 1201 hint: C7)
[04:09:08.000277]: 0x007ff67a85a0c8 -> ADVAPI32.dll!CryptHashData (ord: 1219 hint: D9)
[04:09:08.000277]: 0x007ff67a85a0d0 -> ADVAPI32.dll!CryptCreateHash (ord: 1198 hint: C4)
[04:09:08.000277]: 0x007ff67a85a0d8 -> ADVAPI32.dll!CryptGetHashParam (ord: 1215 hint: D5)
[04:09:08.000277]: 0x007ff67a85a0e0 -> ADVAPI32.dll!ConvertStringSecurityDescriptorToSecurityDescriptorW (ord: 1131 hint: 81)
[04:09:08.000277]: 0x007ff67a85a0e8 -> ADVAPI32.dll!CryptAcquireContextA (ord: 1195 hint: C1)
[04:09:08.000277]: 0x007ff67a85a0f0 -> ADVAPI32.dll!CryptGenRandom (ord: 1212 hint: D2)
[04:09:08.000277]: 0x007ff67a85a0f8 -> ADVAPI32.dll!CryptReleaseContext (ord: 1222 hint: DC)
[04:09:08.000277]: 0x007ff67a85a100 -> ADVAPI32.dll!CryptAcquireContextW (ord: 1196 hint: C2)
[04:09:08.000277]: 0x007ff67a85a108 -> ADVAPI32.dll!RegOpenKeyA (ord: 1654 hint: 28D)
[04:09:08.000277]: 0x007ff67a85a110 -> ADVAPI32.dll!RegEnumKeyA (ord: 1636 hint: 27B)
[04:09:08.000277]: 0x007ff67a85a118 -> ADVAPI32.dll!AllocateLocallyUniqueId (ord: 1035 hint: 21)
[04:09:08.000277]: 0x007ff67a85a128 -> COMCTL32.dll!InitCommonControlsEx (ord: 94 hint: 7C)
[04:09:08.000277]: 0x007ff67a85a138 -> CRYPT32.dll!CertGetCRLContextProperty (ord: 1086 hint: 42)
[04:09:08.000277]: 0x007ff67a85a140 -> CRYPT32.dll!CertCreateCertificateContext (ord: 1048 hint: 1C)
[04:09:08.000277]: 0x007ff67a85a148 -> CRYPT32.dll!CertFindCertificateInStore (ord: 1073 hint: 35)
[04:09:08.000277]: 0x007ff67a85a150 -> CRYPT32.dll!CertOpenStore (ord: 1109 hint: 59)
[04:09:08.000277]: 0x007ff67a85a158 -> CRYPT32.dll!CryptDecodeObjectEx (ord: 1151 hint: 83)
[04:09:08.000277]: 0x007ff67a85a160 -> CRYPT32.dll!CertFreeCertificateChain (ord: 1081 hint: 3D)
[04:09:08.000277]: 0x007ff67a85a168 -> CRYPT32.dll!CertFreeCertificateContext (ord: 1084 hint: 40)
[04:09:08.000277]: 0x007ff67a85a170 -> CRYPT32.dll!CertGetIssuerCertificateFromStore (ord: 1093 hint: 49)
[04:09:08.000277]: 0x007ff67a85a178 -> CRYPT32.dll!CertCloseStore (ord: 1038 hint: 12)
[04:09:08.000277]: 0x007ff67a85a180 -> CRYPT32.dll!CryptUnprotectData (ord: 1238 hint: E1)
[04:09:08.000277]: 0x007ff67a85a188 -> CRYPT32.dll!CertNameToStrA (ord: 1105 hint: 55)
[04:09:08.000277]: 0x007ff67a85a190 -> CRYPT32.dll!CertGetNameStringA (ord: 1094 hint: 4A)
[04:09:08.000277]: 0x007ff67a85a198 -> CRYPT32.dll!CertAddCertificateContextToStore (ord: 1024 hint: 4)
[04:09:08.000277]: 0x007ff67a85a1a0 -> CRYPT32.dll!CertGetCertificateChain (ord: 1089 hint: 45)
[04:09:08.000277]: 0x007ff67a85a1a8 -> CRYPT32.dll!CertVerifyCertificateChainPolicy (ord: 1138 hint: 76)
[04:09:08.000277]: 0x007ff67a85a1b0 -> CRYPT32.dll!CryptStringToBinaryA (ord: 1235 hint: DE)
[04:09:08.000277]: 0x007ff67a85a1b8 -> CRYPT32.dll!CertEnumCertificatesInStore (ord: 1064 hint: 2C)
[04:09:08.000277]: 0x007ff67a85a1c0 -> CRYPT32.dll!CryptStringToBinaryW (ord: 1236 hint: DF)
[04:09:08.000277]: 0x007ff67a85a1c8 -> CRYPT32.dll!PFXImportCertStore (ord: 1304 hint: 124)
[04:09:08.000277]: 0x007ff67a85a1d0 -> CRYPT32.dll!CertGetNameStringW (ord: 1095 hint: 4B)
[04:09:08.000277]: 0x007ff67a85a1d8 -> CRYPT32.dll!CryptQueryObject (ord: 1210 hint: C5)
[04:09:08.000277]: 0x007ff67a85a1e0 -> CRYPT32.dll!CertCreateCertificateChainEngine (ord: 1047 hint: 1B)
[04:09:08.000277]: 0x007ff67a85a1e8 -> CRYPT32.dll!CertFreeCertificateChainEngine (ord: 1082 hint: 3E)
[04:09:08.000277]: 0x007ff67a85a1f0 -> CRYPT32.dll!CertVerifyTimeValidity (ord: 1141 hint: 79)
[04:09:08.000277]: 0x007ff67a85a1f8 -> CRYPT32.dll!CertFindExtension (ord: 1075 hint: 37)
[04:09:08.000277]: 0x007ff67a85a200 -> CRYPT32.dll!CryptMemFree (ord: 1191 hint: AB)
[04:09:08.000277]: 0x007ff67a85a210 -> GDI32.dll!GetICMProfileW (ord: 1681 hint: 29C)
[04:09:08.000277]: 0x007ff67a85a218 -> GDI32.dll!GetDeviceGammaRamp (ord: 1652 hint: 27F)
[04:09:08.000277]: 0x007ff67a85a220 -> GDI32.dll!SetDeviceGammaRamp (ord: 1903 hint: 37A)
[04:09:08.000277]: 0x007ff67a85a228 -> GDI32.dll!CreateCompatibleDC (ord: 1064 hint: 31)
[04:09:08.000277]: 0x007ff67a85a230 -> GDI32.dll!CreateFontIndirectW (ord: 1081 hint: 43)
[04:09:08.000278]: 0x007ff67a85a238 -> GDI32.dll!GetTextExtentPoint32A (ord: 1734 hint: 2D1)
[04:09:08.000278]: 0x007ff67a85a240 -> GDI32.dll!SelectObject (ord: 1884 hint: 367)
[04:09:08.000278]: 0x007ff67a85a248 -> GDI32.dll!GetTextMetricsW (ord: 1743 hint: 2DA)
[04:09:08.000278]: 0x007ff67a85a250 -> GDI32.dll!CreateSolidBrush (ord: 1104 hint: 5A)
[04:09:08.000278]: 0x007ff67a85a258 -> GDI32.dll!CreateCompatibleBitmap (ord: 1063 hint: 30)
[04:09:08.000278]: 0x007ff67a85a260 -> GDI32.dll!GetDIBits (ord: 1650 hint: 27D)
[04:09:08.000278]: 0x007ff67a85a268 -> GDI32.dll!BitBlt (ord: 1034 hint: 13)
[04:09:08.000278]: 0x007ff67a85a270 -> GDI32.dll!CombineRgn (ord: 1049 hint: 22)
[04:09:08.000278]: 0x007ff67a85a278 -> GDI32.dll!CreateRectRgn (ord: 1097 hint: 53)
[04:09:08.000278]: 0x007ff67a85a280 -> GDI32.dll!CreateDIBSection (ord: 1069 hint: 37)
[04:09:08.000278]: 0x007ff67a85a288 -> GDI32.dll!DeleteObject (ord: 1401 hint: 183)
[04:09:08.000278]: 0x007ff67a85a290 -> GDI32.dll!CreateBitmap (ord: 1056 hint: 29)
[04:09:08.000278]: 0x007ff67a85a298 -> GDI32.dll!CreateDCW (ord: 1066 hint: 34)
[04:09:08.000278]: 0x007ff67a85a2a0 -> GDI32.dll!DeleteDC (ord: 1398 hint: 180)
[04:09:08.000278]: 0x007ff67a85a2a8 -> GDI32.dll!GetDeviceCaps (ord: 1651 hint: 27E)
[04:09:08.000278]: 0x007ff67a85a2b8 -> IMM32.dll!ImmGetCandidateListW (ord: 53 hint: 34)
[04:09:08.000278]: 0x007ff67a85a2c0 -> IMM32.dll!ImmSetCompositionStringW (ord: 119 hint: 76)
[04:09:08.000278]: 0x007ff67a85a2c8 -> IMM32.dll!ImmGetIMEFileNameA (ord: 73 hint: 48)
[04:09:08.000278]: 0x007ff67a85a2d0 -> IMM32.dll!ImmSetCompositionWindow (ord: 120 hint: 77)
[04:09:08.000278]: 0x007ff67a85a2d8 -> IMM32.dll!ImmSetCandidateWindow (ord: 115 hint: 72)
[04:09:08.000278]: 0x007ff67a85a2e0 -> IMM32.dll!ImmGetContext (ord: 60 hint: 3B)
[04:09:08.000278]: 0x007ff67a85a2e8 -> IMM32.dll!ImmReleaseContext (ord: 108 hint: 6B)
[04:09:08.000278]: 0x007ff67a85a2f0 -> IMM32.dll!ImmGetCompositionStringW (ord: 58 hint: 39)
[04:09:08.000278]: 0x007ff67a85a2f8 -> IMM32.dll!ImmGetIMEFileNameW (ord: 74 hint: 49)
[04:09:08.000278]: 0x007ff67a85a300 -> IMM32.dll!ImmAssociateContext (ord: 27 hint: 1A)
[04:09:08.000278]: 0x007ff67a85a308 -> IMM32.dll!ImmAssociateContextEx (ord: 28 hint: 1B)
[04:09:08.000278]: 0x007ff67a85a310 -> IMM32.dll!ImmNotifyIME (ord: 101 hint: 64)
[04:09:08.000278]: 0x007ff67a85a320 -> IPHLPAPI.DLL!GetAdaptersInfo (ord: 69 hint: 44)
[04:09:08.000278]: 0x007ff67a85a328 -> IPHLPAPI.DLL!GetAdaptersAddresses (ord: 68 hint: 43)
[04:09:08.000278]: 0x007ff67a85a338 -> ntdll.dll!RtlAddVectoredExceptionHandler (ord: 727 hint: 2CE)
[04:09:08.000278]: 0x007ff67a85a340 -> KERNEL32.dll!ConvertThreadToFiberEx (ord: 169 hint: A8)
[04:09:08.000278]: 0x007ff67a85a348 -> KERNEL32.dll!WerRegisterRuntimeExceptionModule (ord: 1536 hint: 5FF)
[04:09:08.000278]: 0x007ff67a85a350 -> KERNEL32.dll!WerUnregisterRuntimeExceptionModule (ord: 1548 hint: 60B)
[04:09:08.000278]: 0x007ff67a85a358 -> KERNEL32.dll!SetCurrentDirectoryW (ord: 1307 hint: 51A)
[04:09:08.000278]: 0x007ff67a85a360 -> KERNEL32.dll!GetCurrentDirectoryW (ord: 539 hint: 21A)
[04:09:08.000278]: 0x007ff67a85a368 -> KERNEL32.dll!CreateDirectoryW (ord: 190 hint: BD)
[04:09:08.000278]: 0x007ff67a85a370 -> KERNEL32.dll!FindClose (ord: 383 hint: 17E)
[04:09:08.000278]: 0x007ff67a85a378 -> KERNEL32.dll!FindFirstFileW (ord: 394 hint: 189)
[04:09:08.000278]: 0x007ff67a85a380 -> KERNEL32.dll!FindNextFileW (ord: 406 hint: 195)
[04:09:08.000278]: 0x007ff67a85a388 -> KERNEL32.dll!GetFileAttributesW (ord: 592 hint: 24F)
[04:09:08.000278]: 0x007ff67a85a390 -> KERNEL32.dll!RemoveDirectoryW (ord: 1217 hint: 4C0)
[04:09:08.000278]: 0x007ff67a85a398 -> KERNEL32.dll!MoveFileW (ord: 1011 hint: 3F2)
[04:09:08.000279]: 0x007ff67a85a3a0 -> KERNEL32.dll!Sleep (ord: 1425 hint: 590)
[04:09:08.000279]: 0x007ff67a85a3a8 -> KERNEL32.dll!LocalFree (ord: 983 hint: 3D6)
[04:09:08.000279]: 0x007ff67a85a3b0 -> KERNEL32.dll!GetProcessAffinityMask (ord: 698 hint: 2B9)
[04:09:08.000279]: 0x007ff67a85a3b8 -> KERNEL32.dll!SetThreadAffinityMask (ord: 1382 hint: 565)
[04:09:08.000279]: 0x007ff67a85a3c0 -> KERNEL32.dll!InitOnceInitialize (ord: 871 hint: 366) [forwarded]
[04:09:08.000279]: 0x007ff67a85a3c8 -> KERNEL32.dll!ReleaseSRWLockExclusive (ord: 1210 hint: 4B9) [forwarded]
[04:09:08.000279]: 0x007ff67a85a3d0 -> KERNEL32.dll!AcquireSRWLockExclusive (ord: 1 hint: 0) [forwarded]
[04:09:08.000279]: 0x007ff67a85a3d8 -> KERNEL32.dll!TryAcquireSRWLockExclusive (ord: 1465 hint: 5B8) [forwarded]
[04:09:08.000279]: 0x007ff67a85a3e0 -> KERNEL32.dll!GetStdHandle (ord: 733 hint: 2DC)
[04:09:08.000279]: 0x007ff67a85a3e8 -> KERNEL32.dll!SetHandleInformation (ord: 1343 hint: 53E)
[04:09:08.000279]: 0x007ff67a85a3f0 -> KERNEL32.dll!CreatePipe (ord: 225 hint: E0)
[04:09:08.000279]: 0x007ff67a85a3f8 -> KERNEL32.dll!SetNamedPipeHandleState (ord: 1356 hint: 54B)
[04:09:08.000279]: 0x007ff67a85a400 -> KERNEL32.dll!OpenProcess (ord: 1043 hint: 412)
[04:09:08.000279]: 0x007ff67a85a408 -> KERNEL32.dll!CreateJobObjectW (ord: 214 hint: D5)
[04:09:08.000279]: 0x007ff67a85a410 -> KERNEL32.dll!AssignProcessToJobObject (ord: 37 hint: 24)
[04:09:08.000279]: 0x007ff67a85a418 -> KERNEL32.dll!SetInformationJobObject (ord: 1344 hint: 53F)
[04:09:08.000279]: 0x007ff67a85a420 -> KERNEL32.dll!CreateActCtxW (ord: 180 hint: B3)
[04:09:08.000279]: 0x007ff67a85a428 -> KERNEL32.dll!ActivateActCtx (ord: 3 hint: 2)
[04:09:08.000279]: 0x007ff67a85a430 -> KERNEL32.dll!DeactivateActCtx (ord: 263 hint: 106)
[04:09:08.000279]: 0x007ff67a85a438 -> KERNEL32.dll!VirtualProtect (ord: 1505 hint: 5E0)
[04:09:08.000279]: 0x007ff67a85a440 -> KERNEL32.dll!CreateFileMappingW (ord: 204 hint: CB)
[04:09:08.000279]: 0x007ff67a85a448 -> KERNEL32.dll!OpenFileMappingW (ord: 1035 hint: 40A)
[04:09:08.000279]: 0x007ff67a85a450 -> KERNEL32.dll!MapViewOfFile (ord: 998 hint: 3E5)
[04:09:08.000279]: 0x007ff67a85a458 -> KERNEL32.dll!UnmapViewOfFile (ord: 1477 hint: 5C4)
[04:09:08.000280]: 0x007ff67a85a460 -> KERNEL32.dll!ReleaseSRWLockShared (ord: 1211 hint: 4BA) [forwarded]
[04:09:08.000280]: 0x007ff67a85a468 -> KERNEL32.dll!AcquireSRWLockShared (ord: 2 hint: 1) [forwarded]
[04:09:08.000280]: 0x007ff67a85a470 -> KERNEL32.dll!TryAcquireSRWLockShared (ord: 1466 hint: 5B9) [forwarded]
[04:09:08.000280]: 0x007ff67a85a478 -> KERNEL32.dll!GetSystemInfo (ord: 750 hint: 2ED)
[04:09:08.000280]: 0x007ff67a85a480 -> KERNEL32.dll!GetLogicalProcessorInformationEx (ord: 628 hint: 273) [forwarded]
[04:09:08.000280]: 0x007ff67a85a488 -> KERNEL32.dll!GetNativeSystemInfo (ord: 655 hint: 28E)
[04:09:08.000280]: 0x007ff67a85a490 -> KERNEL32.dll!QueryPerformanceCounter (ord: 1107 hint: 452)
[04:09:08.000280]: 0x007ff67a85a498 -> KERNEL32.dll!QueryPerformanceFrequency (ord: 1108 hint: 453)
[04:09:08.000280]: 0x007ff67a85a4a0 -> KERNEL32.dll!GetProcessTimes (ord: 713 hint: 2C8)
[04:09:08.000280]: 0x007ff67a85a4a8 -> KERNEL32.dll!GetSystemTimeAsFileTime (ord: 756 hint: 2F3)
[04:09:08.000280]: 0x007ff67a85a4b0 -> KERNEL32.dll!GetTickCount64 (ord: 787 hint: 312)
[04:09:08.000280]: 0x007ff67a85a4b8 -> KERNEL32.dll!GetTimeZoneInformation (ord: 793 hint: 318)
[04:09:08.000280]: 0x007ff67a85a4c0 -> KERNEL32.dll!SetEnvironmentVariableW (ord: 1318 hint: 525)
[04:09:08.000280]: 0x007ff67a85a4c8 -> KERNEL32.dll!GetVersionExW (ord: 808 hint: 327)
[04:09:08.000280]: 0x007ff67a85a4d0 -> KERNEL32.dll!SetThreadExecutionState (ord: 1386 hint: 569)
[04:09:08.000280]: 0x007ff67a85a4d8 -> KERNEL32.dll!GetComputerNameW (ord: 489 hint: 1E8)
[04:09:08.000280]: 0x007ff67a85a4e0 -> KERNEL32.dll!GetSystemPowerStatus (ord: 751 hint: 2EE)
[04:09:08.000280]: 0x007ff67a85a4e8 -> KERNEL32.dll!CreateFileW (ord: 207 hint: CE)
[04:09:08.000280]: 0x007ff67a85a4f0 -> KERNEL32.dll!DeleteFileW (ord: 282 hint: 119)
[04:09:08.000280]: 0x007ff67a85a4f8 -> KERNEL32.dll!FlushFileBuffers (ord: 425 hint: 1A8)
[04:09:08.000280]: 0x007ff67a85a500 -> KERNEL32.dll!GetFileAttributesExW (ord: 589 hint: 24C)
[04:09:08.000280]: 0x007ff67a85a508 -> KERNEL32.dll!GetFileSizeEx (ord: 599 hint: 256)
[04:09:08.000280]: 0x007ff67a85a510 -> KERNEL32.dll!GetFinalPathNameByHandleW (ord: 603 hint: 25A)
[04:09:08.000280]: 0x007ff67a85a518 -> KERNEL32.dll!ReadFile (ord: 1147 hint: 47A)
[04:09:08.000280]: 0x007ff67a85a520 -> KERNEL32.dll!SetEndOfFile (ord: 1314 hint: 521)
[04:09:08.000280]: 0x007ff67a85a528 -> KERNEL32.dll!SetFileAttributesW (ord: 1327 hint: 52E)
[04:09:08.000280]: 0x007ff67a85a530 -> KERNEL32.dll!SetFilePointer (ord: 1332 hint: 533)
[04:09:08.000281]: 0x007ff67a85a538 -> KERNEL32.dll!SetFilePointerEx (ord: 1333 hint: 534)
[04:09:08.000281]: 0x007ff67a85a540 -> KERNEL32.dll!DeviceIoControl (ord: 293 hint: 124)
[04:09:08.000281]: 0x007ff67a85a548 -> KERNEL32.dll!CopyFileW (ord: 177 hint: B0)
[04:09:08.000281]: 0x007ff67a85a550 -> KERNEL32.dll!MoveFileExW (ord: 1008 hint: 3EF)
[04:09:08.000281]: 0x007ff67a85a558 -> KERNEL32.dll!OutputDebugStringW (ord: 1055 hint: 41E)
[04:09:08.000281]: 0x007ff67a85a560 -> KERNEL32.dll!WakeConditionVariable (ord: 1525 hint: 5F4) [forwarded]
[04:09:08.000281]: 0x007ff67a85a568 -> KERNEL32.dll!SleepConditionVariableSRW (ord: 1427 hint: 592) [forwarded]
[04:09:08.000281]: 0x007ff67a85a570 -> KERNEL32.dll!LoadLibraryExW (ord: 971 hint: 3CA)
[04:09:08.000281]: 0x007ff67a85a578 -> KERNEL32.dll!Module32NextW (ord: 1005 hint: 3EC)
[04:09:08.000281]: 0x007ff67a85a580 -> KERNEL32.dll!RtlCaptureContext (ord: 1239 hint: 4D6)
[04:09:08.000281]: 0x007ff67a85a588 -> KERNEL32.dll!K32EnumProcessModules (ord: 927 hint: 39E)
[04:09:08.000281]: 0x007ff67a85a590 -> KERNEL32.dll!SystemTimeToTzSpecificLocalTime (ord: 1437 hint: 59C)
[04:09:08.000281]: 0x007ff67a85a598 -> KERNEL32.dll!PeekNamedPipe (ord: 1064 hint: 427)
[04:09:08.000281]: 0x007ff67a85a5a0 -> KERNEL32.dll!RtlUnwind (ord: 1251 hint: 4E2)
[04:09:08.000281]: 0x007ff67a85a5a8 -> KERNEL32.dll!FlushProcessWriteBuffers (ord: 427 hint: 1AA) [forwarded]
[04:09:08.000281]: 0x007ff67a85a5b0 -> KERNEL32.dll!CreateSemaphoreExW (ord: 239 hint: EE)
[04:09:08.000281]: 0x007ff67a85a5b8 -> KERNEL32.dll!InitOnceInitialize (ord: 871 hint: 366) [forwarded]
[04:09:08.000281]: 0x007ff67a85a5c0 -> KERNEL32.dll!CreateFileMappingA (ord: 200 hint: C7)
[04:09:08.000281]: 0x007ff67a85a5c8 -> KERNEL32.dll!FlushViewOfFile (ord: 428 hint: 1AB)
[04:09:08.000281]: 0x007ff67a85a5d0 -> KERNEL32.dll!CreateMutexA (ord: 219 hint: DA)
[04:09:08.000282]: 0x007ff67a85a5d8 -> KERNEL32.dll!GetLocaleInfoA (ord: 621 hint: 26C)
[04:09:08.000282]: 0x007ff67a85a5e0 -> KERNEL32.dll!SleepEx (ord: 1428 hint: 593)
[04:09:08.000282]: 0x007ff67a85a5e8 -> KERNEL32.dll!CancelIoEx (ord: 117 hint: 74)
[04:09:08.000282]: 0x007ff67a85a5f0 -> KERNEL32.dll!PostQueuedCompletionStatus (ord: 1065 hint: 428)
[04:09:08.000282]: 0x007ff67a85a5f8 -> KERNEL32.dll!GetQueuedCompletionStatusEx (ord: 726 hint: 2D5)
[04:09:08.000282]: 0x007ff67a85a600 -> KERNEL32.dll!CreateIoCompletionPort (ord: 212 hint: D3)
[04:09:08.000282]: 0x007ff67a85a608 -> KERNEL32.dll!QueryFullProcessImageNameA (ord: 1100 hint: 44B)
[04:09:08.000282]: 0x007ff67a85a610 -> KERNEL32.dll!GetVolumePathNameW (ord: 815 hint: 32E)
[04:09:08.000282]: 0x007ff67a85a618 -> KERNEL32.dll!GetDriveTypeW (ord: 570 hint: 239)
[04:09:08.000282]: 0x007ff67a85a620 -> KERNEL32.dll!GetCurrentProcessorNumberEx (ord: 548 hint: 223) [forwarded]
[04:09:08.000282]: 0x007ff67a85a628 -> KERNEL32.dll!CompareStringA (ord: 156 hint: 9B)
[04:09:08.000282]: 0x007ff67a85a630 -> KERNEL32.dll!Module32FirstW (ord: 1003 hint: 3EA)
[04:09:08.000282]: 0x007ff67a85a638 -> KERNEL32.dll!MulDiv (ord: 1014 hint: 3F5)
[04:09:08.000282]: 0x007ff67a85a640 -> KERNEL32.dll!GetEnvironmentVariableA (ord: 579 hint: 242)
[04:09:08.000282]: 0x007ff67a85a648 -> KERNEL32.dll!SetErrorMode (ord: 1319 hint: 526)
[04:09:08.000282]: 0x007ff67a85a650 -> KERNEL32.dll!GetSystemDirectoryW (ord: 747 hint: 2EA)
[04:09:08.000282]: 0x007ff67a85a658 -> KERNEL32.dll!GetSystemDefaultLangID (ord: 743 hint: 2E6)
[04:09:08.000282]: 0x007ff67a85a660 -> KERNEL32.dll!FlushInstructionCache (ord: 426 hint: 1A9)
[04:09:08.000282]: 0x007ff67a85a668 -> KERNEL32.dll!SetThreadContext (ord: 1383 hint: 566)
[04:09:08.000282]: 0x007ff67a85a670 -> KERNEL32.dll!HeapCreate (ord: 852 hint: 353)
[04:09:08.000282]: 0x007ff67a85a678 -> KERNEL32.dll!WaitForMultipleObjectsEx (ord: 1515 hint: 5EA)
[04:09:08.000282]: 0x007ff67a85a680 -> KERNEL32.dll!WaitForSingleObjectEx (ord: 1517 hint: 5EC)
[04:09:08.000282]: 0x007ff67a85a688 -> KERNEL32.dll!WriteFileEx (ord: 1576 hint: 627)
[04:09:08.000282]: 0x007ff67a85a690 -> KERNEL32.dll!ReadFileEx (ord: 1148 hint: 47B)
[04:09:08.000282]: 0x007ff67a85a698 -> KERNEL32.dll!GetUserDefaultUILanguage (ord: 802 hint: 321)
[04:09:08.000282]: 0x007ff67a85a6a0 -> KERNEL32.dll!GetVersionExA (ord: 807 hint: 326)
[04:09:08.000282]: 0x007ff67a85a6a8 -> KERNEL32.dll!InitializeCriticalSectionEx (ord: 877 hint: 36C)
[04:09:08.000283]: 0x007ff67a85a6b0 -> KERNEL32.dll!OpenFile (ord: 1032 hint: 407)
[04:09:08.000283]: 0x007ff67a85a6b8 -> KERNEL32.dll!GetSystemDirectoryA (ord: 746 hint: 2E9)
[04:09:08.000283]: 0x007ff67a85a6c0 -> KERNEL32.dll!CreateWaitableTimerA (ord: 258 hint: 101)
[04:09:08.000283]: 0x007ff67a85a6c8 -> KERNEL32.dll!SetWaitableTimer (ord: 1418 hint: 589)
[04:09:08.000283]: 0x007ff67a85a6d0 -> KERNEL32.dll!LocalAlloc (ord: 978 hint: 3D1)
[04:09:08.000283]: 0x007ff67a85a6d8 -> KERNEL32.dll!LoadLibraryA (ord: 969 hint: 3C8)
[04:09:08.000283]: 0x007ff67a85a6e0 -> KERNEL32.dll!FileTimeToSystemTime (ord: 372 hint: 173)
[04:09:08.000283]: 0x007ff67a85a6e8 -> KERNEL32.dll!GetUserDefaultLocaleName (ord: 801 hint: 320)
[04:09:08.000283]: 0x007ff67a85a6f0 -> KERNEL32.dll!GetUserDefaultLangID (ord: 800 hint: 31F)
[04:09:08.000283]: 0x007ff67a85a6f8 -> KERNEL32.dll!VerifyVersionInfoW (ord: 1498 hint: 5D9)
[04:09:08.000283]: 0x007ff67a85a700 -> KERNEL32.dll!CancelIo (ord: 116 hint: 73)
[04:09:08.000283]: 0x007ff67a85a708 -> KERNEL32.dll!GetOverlappedResult (ord: 675 hint: 2A2)
[04:09:08.000283]: 0x007ff67a85a710 -> KERNEL32.dll!GetFileSize (ord: 598 hint: 255)
[04:09:08.000283]: 0x007ff67a85a718 -> KERNEL32.dll!GetFileInformationByHandle (ord: 594 hint: 251)
[04:09:08.000283]: 0x007ff67a85a720 -> KERNEL32.dll!GetDiskFreeSpaceExW (ord: 563 hint: 232)
[04:09:08.000283]: 0x007ff67a85a728 -> KERNEL32.dll!VerSetConditionMask (ord: 1494 hint: 5D5) [forwarded]
[04:09:08.000283]: 0x007ff67a85a730 -> KERNEL32.dll!GetPriorityClass (ord: 686 hint: 2AD)
[04:09:08.000283]: 0x007ff67a85a738 -> KERNEL32.dll!SetPriorityClass (ord: 1357 hint: 54C)
[04:09:08.000283]: 0x007ff67a85a740 -> KERNEL32.dll!Process32NextW (ord: 1076 hint: 433)
[04:09:08.000283]: 0x007ff67a85a748 -> KERNEL32.dll!Process32FirstW (ord: 1074 hint: 431)
[04:09:08.000283]: 0x007ff67a85a750 -> KERNEL32.dll!QueryFullProcessImageNameW (ord: 1101 hint: 44C)
[04:09:08.000283]: 0x007ff67a85a758 -> KERNEL32.dll!GetTempPathA (ord: 768 hint: 2FF)
[04:09:08.000283]: 0x007ff67a85a760 -> KERNEL32.dll!DeleteFileA (ord: 279 hint: 116)
[04:09:08.000283]: 0x007ff67a85a768 -> KERNEL32.dll!GetVolumeInformationW (ord: 811 hint: 32A)
[04:09:08.000283]: 0x007ff67a85a770 -> KERNEL32.dll!WriteConsoleW (ord: 1574 hint: 625)
[04:09:08.000284]: 0x007ff67a85a778 -> KERNEL32.dll!SetStdHandle (ord: 1373 hint: 55C)
[04:09:08.000284]: 0x007ff67a85a780 -> KERNEL32.dll!FreeEnvironmentStringsW (ord: 436 hint: 1B3)
[04:09:08.000284]: 0x007ff67a85a788 -> KERNEL32.dll!GetEnvironmentStringsW (ord: 578 hint: 241)
[04:09:08.000284]: 0x007ff67a85a790 -> KERNEL32.dll!FindFirstFileExW (ord: 389 hint: 184)
[04:09:08.000284]: 0x007ff67a85a798 -> KERNEL32.dll!GetOEMCP (ord: 674 hint: 2A1)
[04:09:08.000284]: 0x007ff67a85a7a0 -> KERNEL32.dll!GetACP (ord: 444 hint: 1BB)
[04:09:08.000284]: 0x007ff67a85a7a8 -> KERNEL32.dll!IsValidCodePage (ord: 915 hint: 392)
[04:09:08.000284]: 0x007ff67a85a7b0 -> KERNEL32.dll!GetStringTypeW (ord: 738 hint: 2E1)
[04:09:08.000284]: 0x007ff67a85a7b8 -> KERNEL32.dll!GetCPInfo (ord: 459 hint: 1CA)
[04:09:08.000284]: 0x007ff67a85a7c0 -> KERNEL32.dll!EnumSystemLocalesW (ord: 349 hint: 15C)
[04:09:08.000284]: 0x007ff67a85a7c8 -> KERNEL32.dll!GetUserDefaultLCID (ord: 799 hint: 31E)
[04:09:08.000284]: 0x007ff67a85a7d0 -> KERNEL32.dll!IsValidLocale (ord: 917 hint: 394)
[04:09:08.000284]: 0x007ff67a85a7d8 -> KERNEL32.dll!GetLocaleInfoW (ord: 623 hint: 26E)
[04:09:08.000284]: 0x007ff67a85a7e0 -> KERNEL32.dll!LCMapStringW (ord: 953 hint: 3B8)
[04:09:08.000284]: 0x007ff67a85a7e8 -> KERNEL32.dll!CompareStringW (ord: 159 hint: 9E)
[04:09:08.000284]: 0x007ff67a85a7f0 -> KERNEL32.dll!GetTimeFormatW (ord: 791 hint: 316)
[04:09:08.000284]: 0x007ff67a85a7f8 -> KERNEL32.dll!GetDateFormatW (ord: 556 hint: 22B)
[04:09:08.000284]: 0x007ff67a85a800 -> KERNEL32.dll!SetConsoleCtrlHandler (ord: 1275 hint: 4FA)
[04:09:08.000284]: 0x007ff67a85a808 -> KERNEL32.dll!HeapReAlloc (ord: 857 hint: 358) [forwarded]
[04:09:08.000284]: 0x007ff67a85a810 -> KERNEL32.dll!GetFileType (ord: 601 hint: 258)
[04:09:08.000284]: 0x007ff67a85a818 -> KERNEL32.dll!ReadConsoleW (ord: 1144 hint: 477)
[04:09:08.000284]: 0x007ff67a85a820 -> KERNEL32.dll!GetConsoleMode (ord: 518 hint: 205)
[04:09:08.000284]: 0x007ff67a85a828 -> KERNEL32.dll!GetConsoleOutputCP (ord: 522 hint: 209)
[04:09:08.000284]: 0x007ff67a85a830 -> KERNEL32.dll!HeapSize (ord: 859 hint: 35A) [forwarded]
[04:09:08.000284]: 0x007ff67a85a838 -> KERNEL32.dll!GetCommandLineA (ord: 480 hint: 1DF)
[04:09:08.000284]: 0x007ff67a85a840 -> KERNEL32.dll!FreeLibraryAndExitThread (ord: 438 hint: 1B5)
[04:09:08.000284]: 0x007ff67a85a848 -> KERNEL32.dll!GetModuleHandleExW (ord: 641 hint: 280)
[04:09:08.000284]: 0x007ff67a85a850 -> KERNEL32.dll!ExitProcess (ord: 360 hint: 167)
[04:09:08.000285]: 0x007ff67a85a858 -> KERNEL32.dll!TlsFree (ord: 1459 hint: 5B2)
[04:09:08.000285]: 0x007ff67a85a860 -> KERNEL32.dll!TlsSetValue (ord: 1461 hint: 5B4)
[04:09:08.000285]: 0x007ff67a85a868 -> KERNEL32.dll!TlsGetValue (ord: 1460 hint: 5B3)
[04:09:08.000285]: 0x007ff67a85a870 -> KERNEL32.dll!TlsAlloc (ord: 1458 hint: 5B1)
[04:09:08.000285]: 0x007ff67a85a878 -> KERNEL32.dll!InitializeCriticalSectionAndSpinCount (ord: 876 hint: 36B)
[04:09:08.000285]: 0x007ff67a85a880 -> KERNEL32.dll!LCMapStringEx (ord: 952 hint: 3B7)
[04:09:08.000285]: 0x007ff67a85a888 -> KERNEL32.dll!InitOnceExecuteOnce (ord: 870 hint: 365) [forwarded]
[04:09:08.000285]: 0x007ff67a85a890 -> KERNEL32.dll!WideCharToMultiByte (ord: 1555 hint: 612)
[04:09:08.000285]: 0x007ff67a85a898 -> KERNEL32.dll!MultiByteToWideChar (ord: 1015 hint: 3F6)
[04:09:08.000285]: 0x007ff67a85a8a0 -> KERNEL32.dll!FreeLibrary (ord: 437 hint: 1B4)
[04:09:08.000285]: 0x007ff67a85a8a8 -> KERNEL32.dll!TerminateThread (ord: 1441 hint: 5A0)
[04:09:08.000285]: 0x007ff67a85a8b0 -> KERNEL32.dll!IsValidLanguageGroup (ord: 916 hint: 393)
[04:09:08.000285]: 0x007ff67a85a8b8 -> KERNEL32.dll!LoadLibraryW (ord: 972 hint: 3CB)
[04:09:08.000285]: 0x007ff67a85a8c0 -> KERNEL32.dll!GetTickCount (ord: 786 hint: 311)
[04:09:08.000285]: 0x007ff67a85a8c8 -> KERNEL32.dll!SetLastError (ord: 1347 hint: 542)
[04:09:08.000285]: 0x007ff67a85a8d0 -> KERNEL32.dll!GetFullPathNameW (ord: 612 hint: 263)
[04:09:08.000285]: 0x007ff67a85a8d8 -> KERNEL32.dll!GetCommandLineW (ord: 481 hint: 1E0)
[04:09:08.000285]: 0x007ff67a85a8e0 -> KERNEL32.dll!GetProcAddress (ord: 697 hint: 2B8)
[04:09:08.000285]: 0x007ff67a85a8e8 -> KERNEL32.dll!GetModuleHandleW (ord: 642 hint: 281)
[04:09:08.000285]: 0x007ff67a85a8f0 -> KERNEL32.dll!Thread32Next (ord: 1457 hint: 5B0)
[04:09:08.000285]: 0x007ff67a85a8f8 -> KERNEL32.dll!Thread32First (ord: 1456 hint: 5AF)
[04:09:08.000285]: 0x007ff67a85a900 -> KERNEL32.dll!CreateToolhelp32Snapshot (ord: 255 hint: FE)
[04:09:08.000286]: 0x007ff67a85a908 -> KERNEL32.dll!K32GetModuleFileNameExW (ord: 939 hint: 3AA)
[04:09:08.000286]: 0x007ff67a85a910 -> KERNEL32.dll!ConvertThreadToFiber (ord: 168 hint: A7)
[04:09:08.000286]: 0x007ff67a85a918 -> KERNEL32.dll!CreateFiber (ord: 196 hint: C3)
[04:09:08.000286]: 0x007ff67a85a920 -> KERNEL32.dll!CreateFiberEx (ord: 197 hint: C4)
[04:09:08.000286]: 0x007ff67a85a928 -> KERNEL32.dll!DeleteFiber (ord: 278 hint: 115)
[04:09:08.000286]: 0x007ff67a85a930 -> KERNEL32.dll!SwitchToFiber (ord: 1434 hint: 599)
[04:09:08.000286]: 0x007ff67a85a938 -> KERNEL32.dll!ReadProcessMemory (ord: 1150 hint: 47D)
[04:09:08.000286]: 0x007ff67a85a940 -> KERNEL32.dll!VirtualQueryEx (ord: 1508 hint: 5E3)
[04:09:08.000286]: 0x007ff67a85a948 -> KERNEL32.dll!GetThreadContext (ord: 770 hint: 301)
[04:09:08.000286]: 0x007ff67a85a950 -> KERNEL32.dll!GetThreadId (ord: 775 hint: 306)
[04:09:08.000286]: 0x007ff67a85a958 -> KERNEL32.dll!GetProcessId (ord: 705 hint: 2C0)
[04:09:08.000286]: 0x007ff67a85a960 -> KERNEL32.dll!SuspendThread (ord: 1433 hint: 598)
[04:09:08.000286]: 0x007ff67a85a968 -> KERNEL32.dll!InterlockedPushEntrySList (ord: 886 hint: 375) [forwarded]
[04:09:08.000286]: 0x007ff67a85a970 -> KERNEL32.dll!RtlPcToFileHeader (ord: 1248 hint: 4DF)
[04:09:08.000286]: 0x007ff67a85a978 -> KERNEL32.dll!RtlUnwindEx (ord: 1252 hint: 4E3)
[04:09:08.000286]: 0x007ff67a85a980 -> KERNEL32.dll!GetStartupInfoW (ord: 731 hint: 2DA)
[04:09:08.000286]: 0x007ff67a85a988 -> KERNEL32.dll!InitializeSListHead (ord: 880 hint: 36F) [forwarded]
[04:09:08.000286]: 0x007ff67a85a990 -> KERNEL32.dll!WakeAllConditionVariable (ord: 1524 hint: 5F3) [forwarded]
[04:09:08.000286]: 0x007ff67a85a998 -> KERNEL32.dll!OpenThread (ord: 1050 hint: 419)
[04:09:08.000286]: 0x007ff67a85a9a0 -> KERNEL32.dll!CreateThread (ord: 246 hint: F5)
[04:09:08.000286]: 0x007ff67a85a9a8 -> KERNEL32.dll!CreateEventW (ord: 195 hint: C2)
[04:09:08.000286]: 0x007ff67a85a9b0 -> KERNEL32.dll!GetLastError (ord: 619 hint: 26A)
[04:09:08.000286]: 0x007ff67a85a9b8 -> KERNEL32.dll!RtlVirtualUnwind (ord: 1253 hint: 4E4)
[04:09:08.000286]: 0x007ff67a85a9c0 -> KERNEL32.dll!RtlLookupFunctionEntry (ord: 1246 hint: 4DD)
[04:09:08.000287]: 0x007ff67a85a9c8 -> KERNEL32.dll!RtlCaptureStackBackTrace (ord: 1240 hint: 4D7)
[04:09:08.000287]: 0x007ff67a85a9d0 -> KERNEL32.dll!CreateSemaphoreA (ord: 237 hint: EC)
[04:09:08.000287]: 0x007ff67a85a9d8 -> KERNEL32.dll!CreateEventA (ord: 192 hint: BF)
[04:09:08.000287]: 0x007ff67a85a9e0 -> KERNEL32.dll!GlobalAlloc (ord: 826 hint: 339)
[04:09:08.000287]: 0x007ff67a85a9e8 -> KERNEL32.dll!OpenMutexW (ord: 1039 hint: 40E)
[04:09:08.000287]: 0x007ff67a85a9f0 -> KERNEL32.dll!CreateMutexW (ord: 222 hint: DD)
[04:09:08.000287]: 0x007ff67a85a9f8 -> KERNEL32.dll!ReleaseMutex (ord: 1208 hint: 4B7)
[04:09:08.000287]: 0x007ff67a85aa00 -> KERNEL32.dll!ReleaseSemaphore (ord: 1212 hint: 4BB)
[04:09:08.000287]: 0x007ff67a85aa08 -> KERNEL32.dll!ResetEvent (ord: 1230 hint: 4CD)
[04:09:08.000287]: 0x007ff67a85aa10 -> KERNEL32.dll!SetEvent (ord: 1320 hint: 527)
[04:09:08.000287]: 0x007ff67a85aa18 -> KERNEL32.dll!TryEnterCriticalSection (ord: 1467 hint: 5BA) [forwarded]
[04:09:08.000287]: 0x007ff67a85aa20 -> KERNEL32.dll!SetProcessAffinityMask (ord: 1358 hint: 54D)
[04:09:08.000287]: 0x007ff67a85aa28 -> KERNEL32.dll!CreateProcessW (ord: 233 hint: E8)
[04:09:08.000287]: 0x007ff67a85aa30 -> KERNEL32.dll!ResumeThread (ord: 1237 hint: 4D4)
[04:09:08.000287]: 0x007ff67a85aa38 -> KERNEL32.dll!GetThreadPriority (ord: 780 hint: 30B)
[04:09:08.000287]: 0x007ff67a85aa40 -> KERNEL32.dll!SetThreadPriority (ord: 1393 hint: 570)
[04:09:08.000287]: 0x007ff67a85aa48 -> KERNEL32.dll!GetCurrentThreadId (ord: 550 hint: 225)
[04:09:08.000287]: 0x007ff67a85aa50 -> KERNEL32.dll!GetCurrentThread (ord: 549 hint: 224)
[04:09:08.000287]: 0x007ff67a85aa58 -> KERNEL32.dll!GetCurrentProcessId (ord: 546 hint: 221)
[04:09:08.000287]: 0x007ff67a85aa60 -> KERNEL32.dll!WaitForSingleObject (ord: 1516 hint: 5EB)
[04:09:08.000287]: 0x007ff67a85aa68 -> KERNEL32.dll!RaiseException (ord: 1130 hint: 469)
[04:09:08.000287]: 0x007ff67a85aa70 -> KERNEL32.dll!DuplicateHandle (ord: 307 hint: 132)
[04:09:08.000287]: 0x007ff67a85aa78 -> KERNEL32.dll!IsDebuggerPresent (ord: 902 hint: 385)
[04:09:08.000287]: 0x007ff67a85aa80 -> KERNEL32.dll!GetModuleHandleA (ord: 639 hint: 27E)
[04:09:08.000287]: 0x007ff67a85aa88 -> KERNEL32.dll!GetModuleFileNameA (ord: 637 hint: 27C)
[04:09:08.000287]: 0x007ff67a85aa90 -> KERNEL32.dll!VirtualFree (ord: 1502 hint: 5DD)
[04:09:08.000288]: 0x007ff67a85aa98 -> KERNEL32.dll!VirtualAlloc (ord: 1499 hint: 5DA)
[04:09:08.000288]: 0x007ff67a85aaa0 -> KERNEL32.dll!GetLocalTime (ord: 620 hint: 26B)
[04:09:08.000288]: 0x007ff67a85aaa8 -> KERNEL32.dll!DeleteCriticalSection (ord: 277 hint: 114) [forwarded]
[04:09:08.000288]: 0x007ff67a85aab0 -> KERNEL32.dll!LeaveCriticalSection (ord: 965 hint: 3C4) [forwarded]
[04:09:08.000288]: 0x007ff67a85aab8 -> KERNEL32.dll!EnterCriticalSection (ord: 313 hint: 138) [forwarded]
[04:09:08.000288]: 0x007ff67a85aac0 -> KERNEL32.dll!InitializeCriticalSection (ord: 875 hint: 36A) [forwarded]
[04:09:08.000288]: 0x007ff67a85aac8 -> KERNEL32.dll!CreateDirectoryA (ord: 185 hint: B8)
[04:09:08.000288]: 0x007ff67a85aad0 -> KERNEL32.dll!K32GetProcessMemoryInfo (ord: 944 hint: 3AF)
[04:09:08.000288]: 0x007ff67a85aad8 -> KERNEL32.dll!FormatMessageW (ord: 433 hint: 1B0)
[04:09:08.000288]: 0x007ff67a85aae0 -> KERNEL32.dll!GetModuleHandleExA (ord: 640 hint: 27F)
[04:09:08.000288]: 0x007ff67a85aae8 -> KERNEL32.dll!FormatMessageA (ord: 432 hint: 1AF)
[04:09:08.000288]: 0x007ff67a85aaf0 -> KERNEL32.dll!GetModuleFileNameW (ord: 638 hint: 27D)
[04:09:08.000288]: 0x007ff67a85aaf8 -> KERNEL32.dll!VirtualQuery (ord: 1507 hint: 5E2)
[04:09:08.000288]: 0x007ff67a85ab00 -> KERNEL32.dll!GlobalMemoryStatusEx (ord: 839 hint: 346)
[04:09:08.000288]: 0x007ff67a85ab08 -> KERNEL32.dll!ExitThread (ord: 361 hint: 168) [forwarded]
[04:09:08.000288]: 0x007ff67a85ab10 -> KERNEL32.dll!TerminateProcess (ord: 1440 hint: 59F)
[04:09:08.000288]: 0x007ff67a85ab18 -> KERNEL32.dll!GetCurrentProcess (ord: 545 hint: 220)
[04:09:08.000288]: 0x007ff67a85ab20 -> KERNEL32.dll!GetProcessHeap (ord: 703 hint: 2BE)
[04:09:08.000288]: 0x007ff67a85ab28 -> KERNEL32.dll!HeapFree (ord: 854 hint: 355)
[04:09:08.000288]: 0x007ff67a85ab30 -> KERNEL32.dll!HeapAlloc (ord: 850 hint: 351) [forwarded]
[04:09:08.000288]: 0x007ff67a85ab38 -> KERNEL32.dll!CloseHandle (ord: 138 hint: 89)
[04:09:08.000288]: 0x007ff67a85ab40 -> KERNEL32.dll!OutputDebugStringA (ord: 1054 hint: 41D)
[04:09:08.000288]: 0x007ff67a85ab48 -> KERNEL32.dll!WriteFile (ord: 1575 hint: 626)
[04:09:08.000288]: 0x007ff67a85ab50 -> KERNEL32.dll!CreateFileA (ord: 199 hint: C6)
[04:09:08.000288]: 0x007ff67a85ab58 -> KERNEL32.dll!GlobalFree (ord: 833 hint: 340)
[04:09:08.000288]: 0x007ff67a85ab60 -> KERNEL32.dll!GlobalLock (ord: 837 hint: 344)
[04:09:08.000288]: 0x007ff67a85ab68 -> KERNEL32.dll!GlobalUnlock (ord: 844 hint: 34B)
[04:09:08.000288]: 0x007ff67a85ab70 -> KERNEL32.dll!CreateSemaphoreW (ord: 240 hint: EF)
[04:09:08.000288]: 0x007ff67a85ab80 -> MSACM32.dll!acmFormatSuggest (ord: 28 hint: 1B)
[04:09:08.000288]: 0x007ff67a85ab88 -> MSACM32.dll!acmStreamOpen (ord: 38 hint: 25)
[04:09:08.000288]: 0x007ff67a85ab90 -> MSACM32.dll!acmStreamPrepareHeader (ord: 39 hint: 26)
[04:09:08.000288]: 0x007ff67a85ab98 -> MSACM32.dll!acmStreamConvert (ord: 36 hint: 23)
[04:09:08.000288]: 0x007ff67a85aba0 -> MSACM32.dll!acmStreamSize (ord: 41 hint: 28)
[04:09:08.000288]: 0x007ff67a85aba8 -> MSACM32.dll!acmStreamUnprepareHeader (ord: 42 hint: 29)
[04:09:08.000288]: 0x007ff67a85abb8 -> CFGMGR32.dll!CM_Get_Parent (ord: 147 hint: 92)
[04:09:08.000288]: 0x007ff67a85abc0 -> CFGMGR32.dll!CM_Get_Device_IDA (ord: 99 hint: 62)
[04:09:08.000289]: 0x007ff67a85abc8 -> SETUPAPI.dll!SetupDiDestroyDeviceInfoList (ord: 318 hint: 13D)
[04:09:08.000289]: 0x007ff67a85abd0 -> SETUPAPI.dll!SetupDiEnumDeviceInterfaces (ord: 322 hint: 141)
[04:09:08.000289]: 0x007ff67a85abd8 -> SETUPAPI.dll!SetupDiGetClassDevsA (ord: 338 hint: 151)
[04:09:08.000289]: 0x007ff67a85abe0 -> SETUPAPI.dll!SetupDiGetDeviceInterfaceDetailA (ord: 364 hint: 16B)
[04:09:08.000289]: 0x007ff67a85abe8 -> SETUPAPI.dll!CM_Locate_DevNodeA (ord: 151 hint: 96) [forwarded]
[04:09:08.000289]: 0x007ff67a85abf0 -> SETUPAPI.dll!SetupDiEnumDeviceInfo (ord: 321 hint: 140)
[04:09:08.000289]: 0x007ff67a85abf8 -> SETUPAPI.dll!SetupDiGetDeviceRegistryPropertyA (ord: 370 hint: 171)
[04:09:08.000289]: 0x007ff67a85ac08 -> SHELL32.dll!DragFinish (ord: 288 hint: 26)
[04:09:08.000289]: 0x007ff67a85ac10 -> SHELL32.dll!ExtractIconExW (ord: 302 hint: 35)
[04:09:08.000289]: 0x007ff67a85ac18 -> SHELL32.dll!ShellExecuteA (ord: 572 hint: 1AB)
[04:09:08.000289]: 0x007ff67a85ac20 -> SHELL32.dll!ShellExecuteW (ord: 576 hint: 1AF)
[04:09:08.000289]: 0x007ff67a85ac28 -> SHELL32.dll!DragQueryFileW (ord: 292 hint: 2A)
[04:09:08.000289]: 0x007ff67a85ac30 -> SHELL32.dll!SHGetKnownFolderPath (ord: 514 hint: 15A)
[04:09:08.000289]: 0x007ff67a85ac38 -> SHELL32.dll!CommandLineToArgvW (ord: 273 hint: 9)
[04:09:08.000289]: 0x007ff67a85ac40 -> SHELL32.dll!FindExecutableA (ord: 304 hint: 37)
[04:09:08.000289]: 0x007ff67a85ac48 -> SHELL32.dll!DragAcceptFiles (ord: 287 hint: 25)
[04:09:08.000289]: 0x007ff67a85ac50 -> SHELL32.dll!SHGetFolderPathW (ord: 505 hint: 150)
[04:09:08.000289]: 0x007ff67a85ac60 -> USER32.dll!IntersectRect (ord: 2053 hint: 221)
[04:09:08.000289]: 0x007ff67a85ac68 -> USER32.dll!GetClipCursor (ord: 1815 hint: 134)
[04:09:08.000289]: 0x007ff67a85ac70 -> USER32.dll!GetWindowTextLengthW (ord: 2011 hint: 1F6)
[04:09:08.000289]: 0x007ff67a85ac78 -> USER32.dll!RemovePropW (ord: 2277 hint: 302)
[04:09:08.000289]: 0x007ff67a85ac80 -> USER32.dll!SetPropW (ord: 2362 hint: 359)
[04:09:08.000289]: 0x007ff67a85ac88 -> USER32.dll!GetMenu (ord: 1882 hint: 177)
[04:09:08.000289]: 0x007ff67a85ac90 -> USER32.dll!GetKeyboardState (ord: 1872 hint: 16D)
[04:09:08.000289]: 0x007ff67a85ac98 -> USER32.dll!GetFocus (ord: 1850 hint: 157)
[04:09:08.000289]: 0x007ff67a85aca0 -> USER32.dll!RegisterClassW (ord: 2242 hint: 2DF)
[04:09:08.000289]: 0x007ff67a85aca8 -> USER32.dll!AttachThreadInput (ord: 1519 hint: F)
[04:09:08.000289]: 0x007ff67a85acb0 -> USER32.dll!KillTimer (ord: 2099 hint: 250)
[04:09:08.000289]: 0x007ff67a85acb8 -> USER32.dll!SetTimer (ord: 2380 hint: 36B)
[04:09:08.000289]: 0x007ff67a85acc0 -> USER32.dll!PostThreadMessageW (ord: 2197 hint: 2B2)
[04:09:08.000289]: 0x007ff67a85acc8 -> USER32.dll!UnregisterDeviceNotification (ord: 2457 hint: 3B9)
[04:09:08.000289]: 0x007ff67a85acd0 -> USER32.dll!RegisterDeviceNotificationA (ord: 2246 hint: 2E3)
[04:09:08.000289]: 0x007ff67a85acd8 -> USER32.dll!GetRawInputDeviceList (ord: 1944 hint: 1B7)
[04:09:08.000289]: 0x007ff67a85ace0 -> USER32.dll!GetRawInputDeviceInfoA (ord: 1942 hint: 1B5)
[04:09:08.000289]: 0x007ff67a85ace8 -> USER32.dll!CallWindowProcW (ord: 1537 hint: 21)
[04:09:08.000289]: 0x007ff67a85acf0 -> USER32.dll!PostMessageA (ord: 2193 hint: 2AE)
[04:09:08.000289]: 0x007ff67a85acf8 -> USER32.dll!UnregisterClassA (ord: 2455 hint: 3B7)
[04:09:08.000289]: 0x007ff67a85ad00 -> USER32.dll!CharLowerBuffA (ord: 1556 hint: 2F)
[04:09:08.000289]: 0x007ff67a85ad08 -> USER32.dll!PtInRect (ord: 2204 hint: 2B9)
[04:09:08.000289]: 0x007ff67a85ad10 -> USER32.dll!GetWindow (ord: 1980 hint: 1DB)
[04:09:08.000289]: 0x007ff67a85ad18 -> USER32.dll!EnumThreadWindows (ord: 1770 hint: 107)
[04:09:08.000289]: 0x007ff67a85ad20 -> USER32.dll!wsprintfA (ord: 2562 hint: 3E9)
[04:09:08.000289]: 0x007ff67a85ad28 -> USER32.dll!LoadStringA (ord: 2121 hint: 266)
[04:09:08.000289]: 0x007ff67a85ad30 -> USER32.dll!LoadCursorA (ord: 2104 hint: 255)
[04:09:08.000289]: 0x007ff67a85ad38 -> USER32.dll!SetClassLongPtrW (ord: 2307 hint: 321)
[04:09:08.000289]: 0x007ff67a85ad40 -> USER32.dll!InflateRect (ord: 2030 hint: 20A)
[04:09:08.000289]: 0x007ff67a85ad48 -> USER32.dll!SetCursor (ord: 2313 hint: 328)
[04:09:08.000289]: 0x007ff67a85ad50 -> USER32.dll!SetCursorPos (ord: 2315 hint: 32A)
[04:09:08.000289]: 0x007ff67a85ad58 -> USER32.dll!ShowCursor (ord: 2409 hint: 388)
[04:09:08.000289]: 0x007ff67a85ad60 -> USER32.dll!GetActiveWindow (ord: 1789 hint: 11A)
[04:09:08.000289]: 0x007ff67a85ad68 -> USER32.dll!MonitorFromWindow (ord: 2164 hint: 291)
[04:09:08.000289]: 0x007ff67a85ad70 -> USER32.dll!MonitorFromRect (ord: 2163 hint: 290)
[04:09:08.000289]: 0x007ff67a85ad78 -> USER32.dll!MonitorFromPoint (ord: 2162 hint: 28F)
[04:09:08.000289]: 0x007ff67a85ad80 -> USER32.dll!GetParent (ord: 1907 hint: 190)
[04:09:08.000289]: 0x007ff67a85ad88 -> USER32.dll!SetWindowLongW (ord: 2394 hint: 379)
[04:09:08.000289]: 0x007ff67a85ad90 -> USER32.dll!SetRectEmpty (ord: 2364 hint: 35B)
[04:09:08.000289]: 0x007ff67a85ad98 -> USER32.dll!AdjustWindowRectEx (ord: 1508 hint: 4)
[04:09:08.000289]: 0x007ff67a85ada0 -> USER32.dll!SetForegroundWindow (ord: 2329 hint: 338)
[04:09:08.000289]: 0x007ff67a85ada8 -> USER32.dll!EmptyClipboard (ord: 1739 hint: E8)
[04:09:08.000289]: 0x007ff67a85adb0 -> USER32.dll!GetClipboardData (ord: 1817 hint: 136)
[04:09:08.000290]: 0x007ff67a85adb8 -> USER32.dll!SetClipboardData (ord: 2310 hint: 324)
[04:09:08.000290]: 0x007ff67a85adc0 -> USER32.dll!CloseClipboard (ord: 1588 hint: 4F)
[04:09:08.000290]: 0x007ff67a85adc8 -> USER32.dll!OpenClipboard (ord: 2176 hint: 29D)
[04:09:08.000290]: 0x007ff67a85add0 -> USER32.dll!BringWindowToTop (ord: 1523 hint: 13)
[04:09:08.000290]: 0x007ff67a85add8 -> USER32.dll!SetWindowPlacement (ord: 2395 hint: 37A)
[04:09:08.000290]: 0x007ff67a85ade0 -> USER32.dll!GetWindowPlacement (ord: 1999 hint: 1EE)
[04:09:08.000290]: 0x007ff67a85ade8 -> USER32.dll!FlashWindowEx (ord: 1785 hint: 116)
[04:09:08.000290]: 0x007ff67a85adf0 -> USER32.dll!SetLayeredWindowAttributes (ord: 2335 hint: 33E)
[04:09:08.000290]: 0x007ff67a85adf8 -> USER32.dll!GetLayeredWindowAttributes (ord: 1876 hint: 171)
[04:09:08.000290]: 0x007ff67a85ae00 -> USER32.dll!CreateWindowExW (ord: 1627 hint: 76)
[04:09:08.000290]: 0x007ff67a85ae08 -> USER32.dll!CharNextW (ord: 1561 hint: 34)
[04:09:08.000290]: 0x007ff67a85ae10 -> USER32.dll!InvalidateRect (ord: 2054 hint: 222)
[04:09:08.000290]: 0x007ff67a85ae18 -> USER32.dll!ReleaseCapture (ord: 2270 hint: 2FB)
[04:09:08.000290]: 0x007ff67a85ae20 -> USER32.dll!SetCapture (ord: 2302 hint: 31C)
[04:09:08.000290]: 0x007ff67a85ae28 -> USER32.dll!RegisterRawInputDevices (ord: 2258 hint: 2EF)
[04:09:08.000290]: 0x007ff67a85ae30 -> USER32.dll!GetRawInputData (ord: 1941 hint: 1B4)
[04:09:08.000290]: 0x007ff67a85ae38 -> USER32.dll!GetWindowThreadProcessId (ord: 2013 hint: 1F8)
[04:09:08.000290]: 0x007ff67a85ae40 -> USER32.dll!GetMonitorInfoW (ord: 1902 hint: 18B)
[04:09:08.000290]: 0x007ff67a85ae48 -> USER32.dll!SystemParametersInfoW (ord: 2430 hint: 39D)
[04:09:08.000290]: 0x007ff67a85ae50 -> USER32.dll!EnumDisplayDevicesW (ord: 1760 hint: FD)
[04:09:08.000290]: 0x007ff67a85ae58 -> USER32.dll!EnumDisplaySettingsW (ord: 1765 hint: 102)
[04:09:08.000290]: 0x007ff67a85ae60 -> USER32.dll!CreateIconIndirect (ord: 1619 hint: 6E)
[04:09:08.000290]: 0x007ff67a85ae68 -> USER32.dll!LoadIconW (ord: 2109 hint: 25A)
[04:09:08.000290]: 0x007ff67a85ae70 -> USER32.dll!DestroyCursor (ord: 1683 hint: AF)
[04:09:08.000290]: 0x007ff67a85ae78 -> USER32.dll!LoadCursorW (ord: 2107 hint: 258)
[04:09:08.000290]: 0x007ff67a85ae80 -> USER32.dll!CallNextHookEx (ord: 1535 hint: 1F)
[04:09:08.000290]: 0x007ff67a85ae88 -> USER32.dll!UnhookWindowsHookEx (ord: 2450 hint: 3B2)
[04:09:08.000290]: 0x007ff67a85ae90 -> USER32.dll!SetWindowsHookExW (ord: 2406 hint: 385)
[04:09:08.000290]: 0x007ff67a85ae98 -> USER32.dll!GetWindowLongPtrW (ord: 1993 hint: 1E8)
[04:09:08.000290]: 0x007ff67a85aea0 -> USER32.dll!GetWindowLongW (ord: 1994 hint: 1E9)
[04:09:08.000290]: 0x007ff67a85aea8 -> USER32.dll!ClipCursor (ord: 1587 hint: 4E)
[04:09:08.000290]: 0x007ff67a85aeb0 -> USER32.dll!WindowFromPoint (ord: 2499 hint: 3E3)
[04:09:08.000290]: 0x007ff67a85aeb8 -> USER32.dll!ScreenToClient (ord: 2283 hint: 309)
[04:09:08.000290]: 0x007ff67a85aec0 -> USER32.dll!ClientToScreen (ord: 1586 hint: 4D)
[04:09:08.000290]: 0x007ff67a85aec8 -> USER32.dll!GetCursorPos (ord: 1828 hint: 141)
[04:09:08.000290]: 0x007ff67a85aed0 -> USER32.dll!ReleaseDC (ord: 2271 hint: 2FC)
[04:09:08.000290]: 0x007ff67a85aed8 -> USER32.dll!GetDC (ord: 1829 hint: 142)
[04:09:08.000290]: 0x007ff67a85aee0 -> USER32.dll!GetForegroundWindow (ord: 1851 hint: 158)
[04:09:08.000290]: 0x007ff67a85aee8 -> USER32.dll!GetKeyNameTextW (ord: 1866 hint: 167)
[04:09:08.000290]: 0x007ff67a85aef0 -> USER32.dll!GetKeyState (ord: 1867 hint: 168)
[04:09:08.000290]: 0x007ff67a85aef8 -> USER32.dll!IsZoomed (ord: 2098 hint: 24F)
[04:09:08.000290]: 0x007ff67a85af00 -> USER32.dll!IsIconic (ord: 2073 hint: 235)
[04:09:08.000290]: 0x007ff67a85af08 -> USER32.dll!RegisterClassExW (ord: 2241 hint: 2DE)
[04:09:08.000290]: 0x007ff67a85af10 -> USER32.dll!UnregisterClassW (ord: 2456 hint: 3B8)
[04:09:08.000290]: 0x007ff67a85af18 -> USER32.dll!DefWindowProcW (ord: 1676 hint: A7) [forwarded]
[04:09:08.000290]: 0x007ff67a85af20 -> USER32.dll!GetMessagePos (ord: 1898 hint: 187)
[04:09:08.000290]: 0x007ff67a85af28 -> USER32.dll!TrackMouseEvent (ord: 2439 hint: 3A6)
[04:09:08.000290]: 0x007ff67a85af30 -> USER32.dll!MapVirtualKeyW (ord: 2145 hint: 27E)
[04:09:08.000290]: 0x007ff67a85af38 -> USER32.dll!RegisterClipboardFormatW (ord: 2244 hint: 2E1)
[04:09:08.000290]: 0x007ff67a85af40 -> USER32.dll!IsDialogMessageW (ord: 2069 hint: 231)
[04:09:08.000290]: 0x007ff67a85af48 -> USER32.dll!LoadImageW (ord: 2111 hint: 25C)
[04:09:08.000290]: 0x007ff67a85af50 -> USER32.dll!DestroyCursor (ord: 1683 hint: AF)
[04:09:08.000290]: 0x007ff67a85af58 -> USER32.dll!GetDesktopWindow (ord: 1832 hint: 145)
[04:09:08.000290]: 0x007ff67a85af60 -> USER32.dll!SetWindowLongPtrW (ord: 2393 hint: 378)
[04:09:08.000290]: 0x007ff67a85af68 -> USER32.dll!GetSysColor (ord: 1956 hint: 1C3)
[04:09:08.000290]: 0x007ff67a85af70 -> USER32.dll!MessageBoxW (ord: 2159 hint: 28C)
[04:09:08.000290]: 0x007ff67a85af78 -> USER32.dll!GetWindowRect (ord: 2003 hint: 1F0)
[04:09:08.000290]: 0x007ff67a85af80 -> USER32.dll!GetClientRect (ord: 1814 hint: 133)
[04:09:08.000290]: 0x007ff67a85af88 -> USER32.dll!GetWindowTextW (ord: 2012 hint: 1F7)
[04:09:08.000290]: 0x007ff67a85af90 -> USER32.dll!SetWindowTextW (ord: 2401 hint: 380)
[04:09:08.000291]: 0x007ff67a85af98 -> USER32.dll!GetSystemMetrics (ord: 1960 hint: 1C7)
[04:09:08.000291]: 0x007ff67a85afa0 -> USER32.dll!CreateIconFromResource (ord: 1617 hint: 6C)
[04:09:08.000291]: 0x007ff67a85afa8 -> USER32.dll!SetFocus (ord: 2328 hint: 337)
[04:09:08.000291]: 0x007ff67a85afb0 -> USER32.dll!SetDlgItemTextW (ord: 2325 hint: 334)
[04:09:08.000291]: 0x007ff67a85afb8 -> USER32.dll!GetDlgItem (ord: 1839 hint: 14C)
[04:09:08.000291]: 0x007ff67a85afc0 -> USER32.dll!EndDialog (ord: 1749 hint: F2)
[04:09:08.000291]: 0x007ff67a85afc8 -> USER32.dll!DialogBoxParamW (ord: 1694 hint: BA)
[04:09:08.000291]: 0x007ff67a85afd0 -> USER32.dll!CreateDialogParamW (ord: 1615 hint: 6A)
[04:09:08.000291]: 0x007ff67a85afd8 -> USER32.dll!IsWindowVisible (ord: 2096 hint: 24D)
[04:09:08.000291]: 0x007ff67a85afe0 -> USER32.dll!SetWindowPos (ord: 2396 hint: 37B)
[04:09:08.000291]: 0x007ff67a85afe8 -> USER32.dll!ShowWindow (ord: 2414 hint: 38D)
[04:09:08.000291]: 0x007ff67a85aff0 -> USER32.dll!DestroyWindow (ord: 1689 hint: B5)
[04:09:08.000291]: 0x007ff67a85aff8 -> USER32.dll!IsWindow (ord: 2090 hint: 247)
[04:09:08.000291]: 0x007ff67a85b000 -> USER32.dll!PostQuitMessage (ord: 2195 hint: 2B0)
[04:09:08.000291]: 0x007ff67a85b008 -> USER32.dll!PostMessageW (ord: 2194 hint: 2AF)
[04:09:08.000291]: 0x007ff67a85b010 -> USER32.dll!SendMessageW (ord: 2298 hint: 318)
[04:09:08.000291]: 0x007ff67a85b018 -> USER32.dll!SendMessageA (ord: 2293 hint: 313)
[04:09:08.000291]: 0x007ff67a85b020 -> USER32.dll!PeekMessageW (ord: 2190 hint: 2AB)
[04:09:08.000291]: 0x007ff67a85b028 -> USER32.dll!DispatchMessageW (ord: 1697 hint: BD)
[04:09:08.000291]: 0x007ff67a85b030 -> USER32.dll!TranslateMessage (ord: 2446 hint: 3AD)
[04:09:08.000291]: 0x007ff67a85b038 -> USER32.dll!GetMessageW (ord: 1900 hint: 189)
[04:09:08.000291]: 0x007ff67a85b040 -> USER32.dll!LoadStringW (ord: 2122 hint: 267)
[04:09:08.000291]: 0x007ff67a85b048 -> USER32.dll!IsRectEmpty (ord: 2081 hint: 23D)
[04:09:08.000291]: 0x007ff67a85b050 -> USER32.dll!RegisterClassExA (ord: 2240 hint: 2DD)
[04:09:08.000291]: 0x007ff67a85b058 -> USER32.dll!CreateWindowExA (ord: 1626 hint: 75)
[04:09:08.000291]: 0x007ff67a85b060 -> USER32.dll!RegisterClipboardFormatA (ord: 2243 hint: 2E0)
[04:09:08.000291]: 0x007ff67a85b068 -> USER32.dll!DialogBoxIndirectParamW (ord: 1692 hint: B8)
[04:09:08.000291]: 0x007ff67a85b070 -> USER32.dll!DrawTextW (ord: 1730 hint: DE)
[04:09:08.000291]: 0x007ff67a85b078 -> USER32.dll!SystemParametersInfoA (ord: 2428 hint: 39B)
[04:09:08.000291]: 0x007ff67a85b080 -> USER32.dll!GetMessageExtraInfo (ord: 1897 hint: 186)
[04:09:08.000291]: 0x007ff67a85b088 -> USER32.dll!GetClassInfoExW (ord: 1805 hint: 12A)
[04:09:08.000291]: 0x007ff67a85b090 -> USER32.dll!GetAsyncKeyState (ord: 1796 hint: 121)
[04:09:08.000291]: 0x007ff67a85b098 -> USER32.dll!GetUpdateRect (ord: 1973 hint: 1D4)
[04:09:08.000291]: 0x007ff67a85b0a0 -> USER32.dll!ValidateRect (ord: 2482 hint: 3D2)
[04:09:08.000291]: 0x007ff67a85b0a8 -> USER32.dll!EnumDisplayDevicesA (ord: 1759 hint: FC)
[04:09:08.000291]: 0x007ff67a85b0b0 -> USER32.dll!SetActiveWindow (ord: 2301 hint: 31B)
[04:09:08.000291]: 0x007ff67a85b0b8 -> USER32.dll!GetPropW (ord: 1938 hint: 1B1)
[04:09:08.000291]: 0x007ff67a85b0c0 -> USER32.dll!FillRect (ord: 1779 hint: 110)
[04:09:08.000291]: 0x007ff67a85b0c8 -> USER32.dll!ChangeDisplaySettingsExW (ord: 1544 hint: 28)
[04:09:08.000291]: 0x007ff67a85b0d0 -> USER32.dll!GetClipboardSequenceNumber (ord: 1821 hint: 13A)
[04:09:08.000291]: 0x007ff67a85b0d8 -> USER32.dll!IsClipboardFormatAvailable (ord: 2066 hint: 22E)
[04:09:08.000291]: 0x007ff67a85b0e0 -> USER32.dll!GetKeyboardLayout (ord: 1868 hint: 169)
[04:09:08.000291]: 0x007ff67a85b0e8 -> USER32.dll!ToUnicode (ord: 2437 hint: 3A4)
[04:09:08.000291]: 0x007ff67a85b0f0 -> USER32.dll!CopyImage (ord: 1599 hint: 5A)
[04:09:08.000291]: 0x007ff67a85b0f8 -> USER32.dll!SetWindowRgn (ord: 2397 hint: 37C)
[04:09:08.000291]: 0x007ff67a85b100 -> USER32.dll!EnumDisplayMonitors (ord: 1761 hint: FE)
[04:09:08.000291]: 0x007ff67a85b108 -> USER32.dll!EnableWindow (ord: 1746 hint: EF)
[04:09:08.000291]: 0x007ff67a85b118 -> VERSION.dll!GetFileVersionInfoA (ord: 1 hint: 0)
[04:09:08.000291]: 0x007ff67a85b120 -> VERSION.dll!VerQueryValueA (ord: 16 hint: F)
[04:09:08.000291]: 0x007ff67a85b128 -> VERSION.dll!GetFileVersionInfoSizeA (ord: 5 hint: 4)
[04:09:08.000291]: 0x007ff67a85b138 -> WINHTTP.dll!WinHttpCrackUrl (ord: 24 hint: 15)
[04:09:08.000291]: 0x007ff67a85b140 -> WINHTTP.dll!WinHttpCloseHandle (ord: 11 hint: 8)
[04:09:08.000291]: 0x007ff67a85b148 -> WINHTTP.dll!WinHttpOpen (ord: 41 hint: 26)
[04:09:08.000291]: 0x007ff67a85b150 -> WINHTTP.dll!WinHttpGetProxyForUrl (ord: 33 hint: 1E)
[04:09:08.000291]: 0x007ff67a85b158 -> WINHTTP.dll!WinHttpGetIEProxyConfigForCurrentUser (ord: 32 hint: 1D)
[04:09:08.000291]: 0x007ff67a85b160 -> WINHTTP.dll!WinHttpGetDefaultProxyConfiguration (ord: 31 hint: 1C)
[04:09:08.000291]: 0x007ff67a85b170 -> WINMM.dll!waveInClose (ord: 145 hint: 8E)
[04:09:08.000291]: 0x007ff67a85b178 -> WINMM.dll!waveInOpen (ord: 154 hint: 97)
[04:09:08.000291]: 0x007ff67a85b180 -> WINMM.dll!waveInGetDevCapsW (ord: 147 hint: 90)
[04:09:08.000291]: 0x007ff67a85b188 -> WINMM.dll!waveInGetDevCapsA (ord: 146 hint: 8F)
[04:09:08.000291]: 0x007ff67a85b190 -> WINMM.dll!waveOutGetPosition (ord: 170 hint: A7)
[04:09:08.000291]: 0x007ff67a85b198 -> WINMM.dll!waveOutReset (ord: 176 hint: AD)
[04:09:08.000291]: 0x007ff67a85b1a0 -> WINMM.dll!waveOutWrite (ord: 182 hint: B3)
[04:09:08.000291]: 0x007ff67a85b1a8 -> WINMM.dll!waveOutUnprepareHeader (ord: 181 hint: B2)
[04:09:08.000291]: 0x007ff67a85b1b0 -> WINMM.dll!waveInUnprepareHeader (ord: 159 hint: 9C)
[04:09:08.000291]: 0x007ff67a85b1b8 -> WINMM.dll!waveOutClose (ord: 161 hint: 9E)
[04:09:08.000291]: 0x007ff67a85b1c0 -> WINMM.dll!waveOutOpen (ord: 173 hint: AA)
[04:09:08.000291]: 0x007ff67a85b1c8 -> WINMM.dll!waveOutGetDevCapsW (ord: 163 hint: A0)
[04:09:08.000291]: 0x007ff67a85b1d0 -> WINMM.dll!waveOutGetDevCapsA (ord: 162 hint: 9F)
[04:09:08.000291]: 0x007ff67a85b1d8 -> WINMM.dll!timeGetTime (ord: 141 hint: 8A)
[04:09:08.000291]: 0x007ff67a85b1e0 -> WINMM.dll!waveInGetNumDevs (ord: 151 hint: 94)
[04:09:08.000291]: 0x007ff67a85b1e8 -> WINMM.dll!waveOutGetNumDevs (ord: 167 hint: A4)
[04:09:08.000291]: 0x007ff67a85b1f0 -> WINMM.dll!timeEndPeriod (ord: 138 hint: 87)
[04:09:08.000291]: 0x007ff67a85b1f8 -> WINMM.dll!timeBeginPeriod (ord: 137 hint: 86)
[04:09:08.000291]: 0x007ff67a85b200 -> WINMM.dll!waveInPrepareHeader (ord: 155 hint: 98)
[04:09:08.000291]: 0x007ff67a85b208 -> WINMM.dll!waveInAddBuffer (ord: 144 hint: 8D)
[04:09:08.000291]: 0x007ff67a85b210 -> WINMM.dll!waveInStart (ord: 157 hint: 9A)
[04:09:08.000291]: 0x007ff67a85b218 -> WINMM.dll!waveInReset (ord: 156 hint: 99)
[04:09:08.000291]: 0x007ff67a85b220 -> WINMM.dll!waveOutPrepareHeader (ord: 175 hint: AC)
[04:09:08.000291]: 0x007ff67a85b230 -> WS2_32.dll!WSAStartup (ord: 115 hint: 58)
[04:09:08.000291]: 0x007ff67a85b238 -> WS2_32.dll!WSACleanup (ord: 116 hint: 1E)
[04:09:08.000291]: 0x007ff67a85b240 -> WS2_32.dll!inet_addr (ord: 11 hint: B3)
[04:09:08.000291]: 0x007ff67a85b248 -> WS2_32.dll!WSAAsyncGetHostByName (ord: 103 hint: 16)
[04:09:08.000291]: 0x007ff67a85b250 -> WS2_32.dll!WSACancelAsyncRequest (ord: 108 hint: 1C)
[04:09:08.000291]: 0x007ff67a85b258 -> WS2_32.dll!WSACloseEvent (ord: 45 hint: 1F)
[04:09:08.000291]: 0x007ff67a85b260 -> WS2_32.dll!WSACreateEvent (ord: 50 hint: 24)
[04:09:08.000291]: 0x007ff67a85b268 -> WS2_32.dll!WSAEnumNetworkEvents (ord: 64 hint: 2B)
[04:09:08.000291]: 0x007ff67a85b270 -> WS2_32.dll!getaddrinfo (ord: 191 hint: A5)
[04:09:08.000291]: 0x007ff67a85b278 -> WS2_32.dll!WSAResetEvent (ord: 95 hint: 4C)
[04:09:08.000291]: 0x007ff67a85b280 -> WS2_32.dll!WSAWaitForMultipleEvents (ord: 124 hint: 5D)
[04:09:08.000291]: 0x007ff67a85b288 -> WS2_32.dll!inet_ntop (ord: 193 hint: B5)
[04:09:08.000291]: 0x007ff67a85b290 -> WS2_32.dll!inet_pton (ord: 194 hint: B6)
[04:09:08.000291]: 0x007ff67a85b298 -> WS2_32.dll!WSAAddressToStringA (ord: 42 hint: 12)
[04:09:08.000291]: 0x007ff67a85b2a0 -> WS2_32.dll!WSASocketW (ord: 120 hint: 57)
[04:09:08.000291]: 0x007ff67a85b2a8 -> WS2_32.dll!WSASend (ord: 96 hint: 4D)
[04:09:08.000291]: 0x007ff67a85b2b0 -> WS2_32.dll!WSAIoctl (ord: 78 hint: 3A)
[04:09:08.000291]: 0x007ff67a85b2b8 -> WS2_32.dll!WSADuplicateSocketW (ord: 59 hint: 26)
[04:09:08.000291]: 0x007ff67a85b2c0 -> WS2_32.dll!WSASetLastError (ord: 112 hint: 53)
[04:09:08.000291]: 0x007ff67a85b2c8 -> WS2_32.dll!gethostname (ord: 57 hint: A8)
[04:09:08.000291]: 0x007ff67a85b2d0 -> WS2_32.dll!socket (ord: 23 hint: C2)
[04:09:08.000291]: 0x007ff67a85b2d8 -> WS2_32.dll!setsockopt (ord: 21 hint: C0)
[04:09:08.000291]: 0x007ff67a85b2e0 -> WS2_32.dll!select (ord: 18 hint: BD)
[04:09:08.000291]: 0x007ff67a85b2e8 -> WS2_32.dll!recv (ord: 16 hint: BB)
[04:09:08.000291]: 0x007ff67a85b2f0 -> WS2_32.dll!listen (ord: 13 hint: B8)
[04:09:08.000291]: 0x007ff67a85b2f8 -> WS2_32.dll!getsockopt (ord: 7 hint: B0)
[04:09:08.000291]: 0x007ff67a85b300 -> WS2_32.dll!getsockname (ord: 6 hint: AF)
[04:09:08.000291]: 0x007ff67a85b308 -> WS2_32.dll!getpeername (ord: 5 hint: AA)
[04:09:08.000292]: 0x007ff67a85b310 -> WS2_32.dll!ioctlsocket (ord: 10 hint: B7)
[04:09:08.000292]: 0x007ff67a85b318 -> WS2_32.dll!connect (ord: 4 hint: A3)
[04:09:08.000292]: 0x007ff67a85b320 -> WS2_32.dll!closesocket (ord: 3 hint: A2)
[04:09:08.000292]: 0x007ff67a85b328 -> WS2_32.dll!bind (ord: 2 hint: A1)
[04:09:08.000292]: 0x007ff67a85b330 -> WS2_32.dll!accept (ord: 1 hint: A0)
[04:09:08.000292]: 0x007ff67a85b338 -> WS2_32.dll!__WSAFDIsSet (ord: 151 hint: 9F)
[04:09:08.000292]: 0x007ff67a85b340 -> WS2_32.dll!WSAGetLastError (ord: 111 hint: 2F)
[04:09:08.000292]: 0x007ff67a85b348 -> WS2_32.dll!htons (ord: 9 hint: B2)
[04:09:08.000292]: 0x007ff67a85b350 -> WS2_32.dll!htonl (ord: 8 hint: B1)
[04:09:08.000292]: 0x007ff67a85b358 -> WS2_32.dll!htons (ord: 9 hint: B2)
[04:09:08.000292]: 0x007ff67a85b360 -> WS2_32.dll!htonl (ord: 8 hint: B1)
[04:09:08.000292]: 0x007ff67a85b368 -> WS2_32.dll!inet_ntoa (ord: 12 hint: B4)
[04:09:08.000292]: 0x007ff67a85b370 -> WS2_32.dll!FreeAddrInfoW (ord: 27 hint: 2)
[04:09:08.000292]: 0x007ff67a85b378 -> WS2_32.dll!WSAEventSelect (ord: 67 hint: 2E)
[04:09:08.000292]: 0x007ff67a85b380 -> WS2_32.dll!send (ord: 19 hint: BE)
[04:09:08.000292]: 0x007ff67a85b390 -> combase.dll!StringFromGUID2 (ord: 561 hint: 1A9)
[04:09:08.000292]: 0x007ff67a85b3a0 -> bcrypt.dll!BCryptGenRandom (ord: 30 hint: 1D)
[04:09:08.000292]: 0x007ff67a85b3b0 -> dwmapi.dll!DwmGetWindowAttribute (ord: 134 hint: 10)
[04:09:08.000292]: 0x007ff67a85b3b8 -> dwmapi.dll!DwmSetWindowAttribute (ord: 193 hint: 1B)
[04:09:08.000292]: 0x007ff67a85b3c0 -> dwmapi.dll!DwmGetCompositionTimingInfo (ord: 125 hint: B)
[04:09:10.000215]: Self inject result: 0xe06d7363
@scizzydo
Copy link
Owner

Didn't see this. My bad. They swapped up some of the imports, so due to the way the import reconstruction works it fails. On my build at home I just skipped that for it to keep dumping. What happens is an import from a module falls between a few others and it's not forwarded. I just made a push for the hackfix I was doing to keep dumping. I need to come up with a cleaner solution to rebuild the imports properly with this change

@luodaoyi
Copy link
Author

Didn't see this. My bad. They swapped up some of the imports, so due to the way the import reconstruction works it fails. On my build at home I just skipped that for it to keep dumping. What happens is an import from a module falls between a few others and it's not forwarded. I just made a push for the hackfix I was doing to keep dumping. I need to come up with a cleaner solution to rebuild the imports properly with this change

Thank you !

@Thordekk
Copy link

Still get error on 11.0.5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@luodaoyi @Thordekk @scizzydo