TDL4 Rootkit | Kernel

Kernel Graph 1

Code Block #1 ( EP #1)

Information	Value
Trigger	KdReceivePacket+0x1e2
Start Address	0xfffffa80027cc46c

Execution Path #1 (length: 4, count: 1, processes: 1)

Information	Value
Sequence Length	4

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ObfReferenceObject	Object_ptr = 0xfffffa80018da9c0, ret_val_ptr_out = 0x4
ObMakeTemporaryObject	Object_ptr = 0xfffffa80018da9c0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x20, ret_val_ptr_out = 0xfffffa800270f610
ExQueueWorkItem	WorkItem_ptr = 0xfffffa800270f610, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a5e820, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cbec4, WorkItem_deref_Parameter_ptr = 0xfffffa800270f610, QueueType_unk = 0x1, WorkItem_ptr_out = 0xfffffa800270f610, WorkItem_deref_List.Flink_unk_out = 0xfffff80002a74670, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74670, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cbec4, WorkItem_deref_Parameter_ptr_out = 0xfffffa800270f610

Code Block #2 ( EP #2)

Information	Value
Trigger	ExpWorkerThread+0x10f
Start Address	0xfffffa80027cbec4

Execution Path #2 (length: 1878, count: 1, processes: 1)

Information	Value
Sequence Length	1878

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ExFreePoolWithTag	P_ptr = 0xfffffa800270f610, Tag = 0x0
PsRemoveCreateThreadNotifyRoutine	NotifyRoutine_unk = 0xfffff80000bb08e4, ret_val_unk_out = 0x0
RtlRandom	Seed_ptr = 0xfffffa80027d37ec, Seed_ptr_out = 0xfffffa80027d37ec, ret_val_out = 0xd24eb7c
_snprintf	_Count = 0x8, _Format = %08x, _Dest_out = 0d24eb7c, ret_val_out = 8
IoCreateDriver	DriverName_ptr = 0x0, InitializationFunction_unk = 0xfffffa80027cb690, ret_val_unk_out = 0x0
ObfReferenceObject	Object_ptr = 0xfffffa80027ba6e0, ret_val_ptr_out = 0x3
ObMakeTemporaryObject	Object_ptr = 0xfffffa80027ba6e0
ObReferenceObjectByName	ObjectName = \driver\pnpmanager, Attributes = 0x40, PassedAccessState_unk = 0x0, DesiredAccess_unk = 0x0, ObjectType_unk = 0xfffffa80018c9b40, AccessMode_unk = 0x0, ParseContext_ptr_out = 0xfffff88000000000, Object_ptr_out = 0xfffff88002fabb80, Object_out = 0xfffffa80018eeae0, ret_val_unk_out = 0x0
RtlRandom	Seed_ptr = 0xfffffa80027d37ec, Seed_ptr_out = 0xfffffa80027d37ec, ret_val_out = 0x404331a9
_snwprintf	_Count = 0x8, _Format = %08x, _Dest_out = 000001a9, ret_val_out = 8
_snwprintf	_Count = 0x103, _Format = \device\%s, _Dest_out = \device\000001a9, ret_val_out = 16
RtlInitUnicodeString	SourceString = \device\000001a9, DestinationString_out = \device\000001a9
IoCreateDevice	DriverObject_unk = 0xfffffa80018eeae0, DeviceExtensionSize = 0x0, DeviceName = \device\000001a9, DeviceType_unk = 0x4, DeviceCharacteristics = 0x0, Exclusive = 0, DeviceObject_unk_out = 0xfffffa80027d3800, ret_val_unk_out = 0x0
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c, ret_val_out = 25
IoCreateDevice	DriverObject_unk = 0xfffffa80027ba6e0, DeviceExtensionSize = 0x0, DeviceName_ptr = 0x0, DeviceType_unk = 0x22, DeviceCharacteristics = 0x0, Exclusive = 0, DeviceObject_unk_out = 0xfffffa80027d3808, ret_val_unk_out = 0x0
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c, ret_val_out = 25
ObfDereferenceObject	Object_ptr = 0xfffffa80018eeae0, ret_val_ptr_out = 0x45
KeInitializeEvent	Type_unk = 0x1, State = 0, Event_unk_out = 0xfffffa80027d38b0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa80027b2010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80027b2010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80027b2010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fab990
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
For performance reasons the remaining entries are omitted. Click to download all entries as text file.

Code Block #6 ( EP #8, #11, #14, #41, #42, #43, #47)

Information	Value
Trigger	PsCallImageNotifyRoutines+0xda
Start Address	0xfffffa80027cb1d0

Execution Path #8 (length: 1, count: 1755, processes: 35)

Information	Value
Sequence Length	1

Processes

Process	Count
Process 2 (System, PID: 4)	80
Process 3 (smss.exe, PID: 252)	42
Process 4 (autochk.exe, PID: 268)	2
Process 5 (smss.exe, PID: 316)	4
Process 6 (csrss.exe, PID: 324)	18
Process 7 (smss.exe, PID: 364)	2
Process 8 (wininit.exe, PID: 372)	29
Process 9 (csrss.exe, PID: 384)	20
Process 10 (winlogon.exe, PID: 412)	31
Process 11 (services.exe, PID: 468)	29
Process 12 (lsass.exe, PID: 484)	50
Process 13 (lsm.exe, PID: 492)	17
Process 14 (svchost.exe, PID: 592)	56
Process 15 (svchost.exe, PID: 660)	31
Process 16 (svchost.exe, PID: 708)	78
Process 17 (logonui.exe, PID: 776)	64
Process 18 (svchost.exe, PID: 828)	220
Process 19 (svchost.exe, PID: 884)	112
Process 20 (audiodg.exe, PID: 964)	42
Process 21 (svchost.exe, PID: 296)	48
Process 22 (dllhost.exe, PID: 540)	28
Process 23 (userinit.exe, PID: 956)	18
Process 24 (explorer.exe, PID: 320)	206
Process 25 (dwm.exe, PID: 1060)	40
Process 26 (svchost.exe, PID: 1112)	55
Process 27 (runonce.exe, PID: 1232)	39
Process 28 (ping.exe, PID: 1292)	66
Process 29 (spoolsv.exe, PID: 1300)	31
Process 30 (conhost.exe, PID: 1316)	17
Process 31 (dllhost.exe, PID: 1332)	42
Process 32 (taskhost.exe, PID: 1400)	43
Process 33 (svchost.exe, PID: 1456)	108
Process 34 (jusched.exe, PID: 1528)	34
Process 35 (taskhost.exe, PID: 1928)	33
Process 36 (dllhost.exe, PID: 840)	20

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \SystemRoot\System32\Drivers\crashdmp.sys, IgnoreCase = 1, ret_val_out = 0

Execution Path #11 (length: 11, count: 1, processes: 1)

Information	Value
Sequence Length	11

Processes

Process	Count
Process 3 (smss.exe, PID: 252)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\kernel32.dll, IgnoreCase = 1, ret_val_out = 1
IoIs32bitProcess	Irp_unk = 0x0, ret_val_out = 0
RtlImageNtHeader	BaseAddress_ptr = 0x77a30000, ret_val_unk_out = 0x77a300e8
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x77a30000, MappedAsImage = 1, Directory = 0x0, Size_ptr_out = 0xfffff88002e256b0, ret_val_ptr_out = 0x77ad003c
RtlImageNtHeader	BaseAddress_ptr = 0x77a30000, ret_val_unk_out = 0x77a300e8
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x77a30000, MappedAsImage = 1, Directory = 0x0, Size_ptr_out = 0xfffff88002e256b0, ret_val_ptr_out = 0x77ad003c
RtlImageNtHeader	BaseAddress_ptr = 0x77a30000, ret_val_unk_out = 0x77a300e8
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x77a30000, MappedAsImage = 1, Directory = 0x0, Size_ptr_out = 0xfffff88002e256b0, ret_val_ptr_out = 0x77ad003c
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa8003426320
KeInitializeApc	Apc_unk = 0xfffffa8003426320, Thread_unk = 0xfffffa80029e8040, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027cb10c, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x0, Mode_unk = 0xffff4a0800000000, Context_ptr = 0x0
KeInsertQueueApc	Apc_unk = 0xfffffa8003426320, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1

Execution Path #14 (length: 5, count: 27, processes: 27)

Information	Value
Sequence Length	5

Processes

Process	Count
Process 6 (csrss.exe, PID: 324)	1
Process 8 (wininit.exe, PID: 372)	1
Process 9 (csrss.exe, PID: 384)	1
Process 10 (winlogon.exe, PID: 412)	1
Process 11 (services.exe, PID: 468)	1
Process 12 (lsass.exe, PID: 484)	1
Process 13 (lsm.exe, PID: 492)	1
Process 14 (svchost.exe, PID: 592)	1
Process 15 (svchost.exe, PID: 660)	1
Process 16 (svchost.exe, PID: 708)	1
Process 17 (logonui.exe, PID: 776)	1
Process 18 (svchost.exe, PID: 828)	1
Process 19 (svchost.exe, PID: 884)	1
Process 20 (audiodg.exe, PID: 964)	1
Process 21 (svchost.exe, PID: 296)	1
Process 22 (dllhost.exe, PID: 540)	1
Process 23 (userinit.exe, PID: 956)	1
Process 24 (explorer.exe, PID: 320)	1
Process 25 (dwm.exe, PID: 1060)	1
Process 26 (svchost.exe, PID: 1112)	1
Process 29 (spoolsv.exe, PID: 1300)	1
Process 30 (conhost.exe, PID: 1316)	1
Process 31 (dllhost.exe, PID: 1332)	1
Process 32 (taskhost.exe, PID: 1400)	1
Process 33 (svchost.exe, PID: 1456)	1
Process 35 (taskhost.exe, PID: 1928)	1
Process 36 (dllhost.exe, PID: 840)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\kernel32.dll, IgnoreCase = 1, ret_val_out = 1
IoIs32bitProcess	Irp_unk = 0x0, ret_val_out = 0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa800353d510
KeInitializeApc	Apc_unk = 0xfffffa800353d510, Thread_unk = 0xfffffa8003439b60, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027cb10c, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x0, Mode_unk = 0xffff4a0800000000, Context_ptr = 0x0
KeInsertQueueApc	Apc_unk = 0xfffffa800353d510, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1

Execution Path #41 (length: 3, count: 6, processes: 3)

Information	Value
Sequence Length	3

Processes

Process	Count
Process 34 (jusched.exe, PID: 1528)	2
Process 27 (runonce.exe, PID: 1232)	2
Process 28 (ping.exe, PID: 1292)	2

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\kernel32.dll, IgnoreCase = 1, ret_val_out = 1
IoIs32bitProcess	Irp_unk = 0x0, ret_val_out = 1
RtlImageNtHeader	BaseAddress_ptr = 0x77a30000, ret_val_unk_out = 0x77a300e8

Execution Path #42 (length: 13, count: 1, processes: 1)

Information	Value
Sequence Length	13

Processes

Process	Count
Process 27 (runonce.exe, PID: 1232)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\SysWOW64\kernel32.dll, IgnoreCase = 1, ret_val_out = 1
IoIs32bitProcess	Irp_unk = 0x0, ret_val_out = 1
RtlImageNtHeader	BaseAddress_ptr = 0x76300000, ret_val_unk_out = 0x763000e8
RtlImageNtHeader	BaseAddress_ptr = 0x76300000, ret_val_unk_out = 0x763000e8
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x76300000, MappedAsImage = 1, Directory = 0x0, Size_ptr_out = 0xfffff88002aca6b0, ret_val_ptr_out = 0x763bfa00
RtlImageNtHeader	BaseAddress_ptr = 0x76300000, ret_val_unk_out = 0x763000e8
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x76300000, MappedAsImage = 1, Directory = 0x0, Size_ptr_out = 0xfffff88002aca6b0, ret_val_ptr_out = 0x763bfa00
RtlImageNtHeader	BaseAddress_ptr = 0x76300000, ret_val_unk_out = 0x763000e8
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x76300000, MappedAsImage = 1, Directory = 0x0, Size_ptr_out = 0xfffff88002aca6b0, ret_val_ptr_out = 0x763bfa00
IoGetCurrentProcess	ret_val_unk_out = 0xfffffa8003878630
PsGetProcessPeb	ret_val_out = 0x7efdf000
IoGetCurrentProcess	ret_val_unk_out = 0xfffffa8003878630
PsGetProcessPeb	ret_val_out = 0x7efdf000

Execution Path #43 (length: 10, count: 3, processes: 3)

Information	Value
Sequence Length	10

Processes

Process	Count
Process 34 (jusched.exe, PID: 1528)	1
Process 27 (runonce.exe, PID: 1232)	1
Process 28 (ping.exe, PID: 1292)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\SysWOW64\kernel32.dll, IgnoreCase = 1, ret_val_out = 1
IoIs32bitProcess	Irp_unk = 0x0, ret_val_out = 1
RtlImageNtHeader	BaseAddress_ptr = 0x76300000, ret_val_unk_out = 0x763000e8
IoGetCurrentProcess	ret_val_unk_out = 0xfffffa8003878630
PsGetProcessPeb	ret_val_out = 0x7efdf000
IoGetCurrentProcess	ret_val_unk_out = 0xfffffa8003878630
PsGetProcessPeb	ret_val_out = 0x7efdf000
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa8002a427c0
KeInitializeApc	Apc_unk = 0xfffffa8002a427c0, Thread_unk = 0xfffffa800379bb60, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027cb10c, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x0, Mode_unk = 0xffff4a0800000000, Context_ptr = 0x0
KeInsertQueueApc	Apc_unk = 0xfffffa8002a427c0, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1

Execution Path #47 (length: 7, count: 2, processes: 2)

Information	Value
Sequence Length	7

Processes

Process	Count
Process 34 (jusched.exe, PID: 1528)	1
Process 28 (ping.exe, PID: 1292)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\SysWOW64\kernel32.dll, IgnoreCase = 1, ret_val_out = 1
IoIs32bitProcess	Irp_unk = 0x0, ret_val_out = 1
RtlImageNtHeader	BaseAddress_ptr = 0x76300000, ret_val_unk_out = 0x763000e8
IoGetCurrentProcess	ret_val_unk_out = 0xfffffa800389eb30
PsGetProcessPeb	ret_val_out = 0x7efdf000
IoGetCurrentProcess	ret_val_unk_out = 0xfffffa800389eb30
PsGetProcessPeb	ret_val_out = 0x7efdf000

Code Block #3 ( EP #66)

Information	Value
Trigger	ExpWorkerThread+0x10f
Start Address	0xfffffa80027cb42c

Execution Path #66 (length: 130, count: 1, processes: 1 incomplete)

Information	Value
Sequence Length	130

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ExFreePoolWithTag	P_ptr = 0xfffffa800275e8f0, Tag = 0x0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002fabb20
ZwOpenKey	DesiredAccess_unk = 0xf003f, ObjectAttributes_ptr = 0xfffff88002fabad0, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \registry\machine\system\currentcontrolset\control, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, KeyHandle_ptr_out = 0xfffff88002fabb80, KeyHandle_out = 0xffffffff8000010c, ret_val_unk_out = 0x0
ZwQueryValueKey	KeyHandle_unk = 0xffffffff8000010c, ValueName = systemstartoptions, KeyValueInformationClass_unk = 0x2, Length = 0x1000, KeyValueInformation_ptr_out = 0xfffffa80027d1890, KeyValueInformation_deref_TitleIndex_out = 0x0, KeyValueInformation_deref_Type_out = 0x1, KeyValueInformation_deref_DataLength_out = 0x32, KeyValueInformation_deref_Data_out = NOEXECUTE=OPTIN IN MINT, ResultLength_ptr_out = 0xfffff88002fabb78, ret_val_unk_out = 0x0
_snwprintf	_Count = 0x103, _Format = %.*s, _Dest_out = NOEXECUTE=OPTIN IN MINT, ret_val_out = 24
wcsstr	_Str = NOEXECUTE=OPTIN IN MINT, _SubStr = IN MINT, ret_val_out = IN MINT
ZwSetValueKey	KeyHandle_unk = 0xffffffff8000010c, ValueName = systemstartoptions, TitleIndex = 0x0, Type = 0x1, Data = NOEXECUTE=OPTIN, DataSize = 0x20, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0xffffffff8000010c, ret_val_unk_out = 0x0
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffffa80027d31b0, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0xfffff80002a74618, WorkItem_deref_List.Blink_unk_out = 0xfffffa80027b0b10, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0xfffff80002a74618, WorkItem_deref_List.Blink_unk_out = 0xfffffa80018cbbe0, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0xfffff80002a74618, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0xfffff80002a74618, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0xfffff80002a74618, WorkItem_deref_List.Blink_unk_out = 0xfffffa80018ee140, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject	ret_val_out = 0x102
ExQueueWorkItem	WorkItem_ptr = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr = 0x0, QueueType_unk = 0x0, WorkItem_ptr_out = 0xfffff88002fabb00, WorkItem_deref_List.Flink_unk_out = 0x0, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74618, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cb3cc, WorkItem_deref_Parameter_ptr_out = 0x0
KeWaitForMutexObject

Code Block #7 ( EP #13)

Information	Value
Trigger	KiDeliverApc+0x1c4
Start Address	0xfffffa80027cb10c

Execution Path #13 (length: 9, count: 31, processes: 31)

Information	Value
Sequence Length	9

Processes

Process	Count
Process 3 (smss.exe, PID: 252)	1
Process 6 (csrss.exe, PID: 324)	1
Process 8 (wininit.exe, PID: 372)	1
Process 9 (csrss.exe, PID: 384)	1
Process 10 (winlogon.exe, PID: 412)	1
Process 11 (services.exe, PID: 468)	1
Process 12 (lsass.exe, PID: 484)	1
Process 13 (lsm.exe, PID: 492)	1
Process 14 (svchost.exe, PID: 592)	1
Process 15 (svchost.exe, PID: 660)	1
Process 16 (svchost.exe, PID: 708)	1
Process 17 (logonui.exe, PID: 776)	1
Process 18 (svchost.exe, PID: 828)	1
Process 19 (svchost.exe, PID: 884)	1
Process 20 (audiodg.exe, PID: 964)	1
Process 21 (svchost.exe, PID: 296)	1
Process 22 (dllhost.exe, PID: 540)	1
Process 23 (userinit.exe, PID: 956)	1
Process 24 (explorer.exe, PID: 320)	1
Process 25 (dwm.exe, PID: 1060)	1
Process 26 (svchost.exe, PID: 1112)	1
Process 27 (runonce.exe, PID: 1232)	1
Process 28 (ping.exe, PID: 1292)	1
Process 29 (spoolsv.exe, PID: 1300)	1
Process 30 (conhost.exe, PID: 1316)	1
Process 31 (dllhost.exe, PID: 1332)	1
Process 32 (taskhost.exe, PID: 1400)	1
Process 33 (svchost.exe, PID: 1456)	1
Process 34 (jusched.exe, PID: 1528)	1
Process 35 (taskhost.exe, PID: 1928)	1
Process 36 (dllhost.exe, PID: 840)	1

Sequence

Symbol	Parameters
ExFreePoolWithTag	P_ptr = 0xfffffa8003426320, Tag = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x478, ret_val_ptr_out = 0xfffffa800344c960
IoGetCurrentProcess	ret_val_unk_out = 0xfffffa80029dbb30
PsGetCurrentProcessId	ret_val_unk_out = 0xfc
IoIs32bitProcess	Irp_unk = 0x0, ret_val_out = 0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffffa800344c9a0
ExQueueWorkItem	WorkItem_ptr = 0xfffffa800344c960, WorkItem_deref_List.Flink_unk = 0x0, WorkItem_deref_List.Blink_unk = 0xe0a5840f2039, WorkItem_deref_WorkerRoutine_unk = 0xfffffa80027cafd8, WorkItem_deref_Parameter_ptr = 0xfffffa800344c960, QueueType_unk = 0x1, WorkItem_ptr_out = 0xfffffa800344c960, WorkItem_deref_List.Flink_unk_out = 0xfffff80002a74670, WorkItem_deref_List.Blink_unk_out = 0xfffff80002a74670, WorkItem_deref_WorkerRoutine_unk_out = 0xfffffa80027cafd8, WorkItem_deref_Parameter_ptr_out = 0xfffffa800344c960
KeWaitForMutexObject	ret_val_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffffa800344c960, Tag = 0x0

Code Block #5 ( EP #5, #54)

Information	Value
Trigger	ExpWorkerThread+0x10f
Start Address	0xfffffa80027cb3cc

Execution Path #5 (length: 6, count: 60, processes: 1)

Information	Value
Sequence Length	6

Processes

Process	Count
Process 2 (System, PID: 4)	60

Sequence

Symbol	Parameters
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80018df580
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d2990, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80018df580, Irp_unk_out = 0xfffffa80018df580, ret_val_unk_out = 0xfffffa800dd48630
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800dd48630, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800dd48630
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f7aaf0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0

Execution Path #54 (length: 5, count: 1, processes: 1)

Information	Value
Sequence Length	5

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003aecbc0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038bc390, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038bc390
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f7aaf0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0

Code Block #8 ( EP #12, #15, #21, #22, #23, #34, #35, #37, #40, #44, #48, #49, #53)

Information	Value
Trigger	ExpWorkerThread+0x10f
Start Address	0xfffffa80027cafd8

Execution Path #12 (length: 525, count: 1, processes: 1)

Information	Value
Sequence Length	525

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f9db30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f9db20, ClientId_deref_UniqueProcess_unk = 0xfc, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f9db70, ProcessHandle_out = 0xffffffff80000178, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff8000017c, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027db068, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa8003432c20
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x80000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff8000017c, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x80010, Length_ptr = 0x80018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x80000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027db068, Irp_unk = 0xfffffa80018af570, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff8000017c, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x197, ret_val_ptr_out = 0xfffff8a0000f71f0
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = * (x64)=, ret_val_out = 8
_strlwr	_Str = * (x64)=, _Str_out = * (x64)=, ret_val_out = * (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff8000017c, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x196, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a0000f71f0, Buffer_deref_data_out = BINARY(offset=2282570,skipped=0,size=406), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88007f071f0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003426010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003426010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003426010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003426010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003426010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003426010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = * (x64)=, ret_val_out = * (x64)=cmd64.dll
strncpy	_Source = cmd64.dll, _Count = 0x104, _Dest_out = cmd64.dll, ret_val_out = cmd64.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x80000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a0000f71f0, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff8000017c, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80018af570, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027db068, FileObject_unk = 0xfffffa800342e490, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa8003432c20, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa80029dbb30, PROCESS_unk_out = 0xfffffa80029dbb30, ApcState_unk_out = 0xfffff88002f9da58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 35
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd64.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd64.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f9da08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd64.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f9d9e8, FileHandle_out = 0xffffffff8000017c, IoStatusBlock_unk_out = 0xfffff88002f9da48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cfc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
strncpy	_Source = cmd64.dll, _Count = 0x10, _Dest_out = cmd64.dll, ret_val_out = cmd64.dll
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027db068, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa8003430ce0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff8000017c, SectionHandle_ptr_out = 0xfffff88002f9d9e0, SectionHandle_out = 0x5c, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x5c, ProcessHandle_unk = 0xffffffff80000178, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0xfffff88000000002, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f9d9d0, BaseAddress_out = 0x7fffffa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f9da00, ViewSize_out = 0x6000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x7fffffa0040
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88007f08000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff80000178, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae0, BaseAddress_out = 0x190000, RegionSize_ptr_out = 0xfffff88002f9d9f0, RegionSize_out = 0x14000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x190000, ret_val_unk_out = 0x190040
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x190000, MappedAsImage = 1, Directory = 0x5, Size_ptr_out = 0xfffff88002f9dad8, ret_val_ptr_out = 0x0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff80000178, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae8, BaseAddress_out = 0x1b0000, RegionSize_ptr_out = 0xfffff88002f9d9f8, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = \\?\globalroot%S, _Dest_out = \\?\globalroot\device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 49
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa8003435c50
KeInitializeApc	Apc_unk = 0xfffffa8003435c50, Thread_unk = 0xfffffa80029e8040, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027ca950, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x1b0128, Mode_unk = 0xfffff88000000001, Context_ptr = 0x1b0000
KeInsertQueueApc	Apc_unk = 0xfffffa8003435c50, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1
ZwUnmapViewOfSection	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0x5c, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0xffffffff8000017c, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80018af570, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027db068, FileObject_unk = 0xfffffa800342e360, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0xc000007e
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
KeUnstackDetachProcess	ApcState_unk = 0xfffff88002f9da58
PsGetProcessImageFileName	ret_val_out = 0xfffffa80029dbe10
_snprintf	_Count = 0x103, _Format = %s (x64), _Dest_out = smss.exe (x64), ret_val_out = 14
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff80000160, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa8003432810
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x80000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff80000160, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x80010, Length_ptr = 0x80018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x80000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80018af570, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff80000160, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003436b10
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003436b10
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x197, ret_val_ptr_out = 0xfffff8a0000ed820
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = smss.exe (x64)=, ret_val_out = 15
_strlwr	_Str = smss.exe (x64)=, _Str_out = smss.exe (x64)=, ret_val_out = smss.exe (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff80000160, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x196, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a0000ed820, Buffer_deref_data_out = BINARY(offset=2472485,skipped=0,size=406), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003436b10, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88007f0e820
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003426010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003426010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003426010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80021e92b0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80021e92b0, Irp_unk_out = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa8003426010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003426010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003426010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = smss.exe (x64)=
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x80000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a0000ed820, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff80000160, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80018af570, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa8003447e20, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa8003432810, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80018af570, PriorityBoost = 0
ZwClose	Handle_unk = 0xffffffff80000178, ret_val_unk_out = 0x0
KeSetEvent	Event_unk = 0xfffffa800344c9a0, Increment_unk = 0x0, Wait = 0, Event_unk_out = 0xfffffa800344c9a0, ret_val_out = 0

Execution Path #15 (length: 525, count: 13, processes: 1)

Information	Value
Sequence Length	525

Processes

Process	Count
Process 2 (System, PID: 4)	13

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f8fb30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f8fb20, ClientId_deref_UniqueProcess_unk = 0x144, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f8fb70, ProcessHandle_out = 0xffffffff800001dc, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f8f7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f8fb18, FileHandle_out = 0xffffffff800001d8, IoStatusBlock_unk_out = 0xfffff88002f8f7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8ed80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa800351a160
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f8f880, BaseAddress_out = 0x80000, RegionSize_ptr_out = 0xfffff88002f8f888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800001d8, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x80010, Length_ptr = 0x80018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x80000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80021e92b0, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800001d8, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f8f7a0, FileInformation_ptr_out = 0xfffff88002f8f7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x197, ret_val_ptr_out = 0xfffff8a003256af0
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = * (x64)=, ret_val_out = 8
_strlwr	_Str = * (x64)=, _Str_out = * (x64)=, ret_val_out = * (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800001d8, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x196, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f8f7a0, Buffer_ptr_out = 0xfffff8a003256af0, Buffer_deref_data_out = BINARY(offset=2917332,skipped=0,size=406), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff8800354baf0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa800d5351c0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800d5351c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800d5351c0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa800d5351c0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800d5351c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800d5351c0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = * (x64)=, ret_val_out = * (x64)=cmd64.dll
strncpy	_Source = cmd64.dll, _Count = 0x104, _Dest_out = cmd64.dll, ret_val_out = cmd64.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f8f880, BaseAddress = 0x80000, RegionSize_ptr = 0xfffff88002f8f888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a003256af0, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800001d8, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa8006f161a0, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa800351a160, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa8003545630, PROCESS_unk_out = 0xfffffa8003545630, ApcState_unk_out = 0xfffff88002f8fa58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 35
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd64.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd64.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f8fa08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd64.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f8f9e8, FileHandle_out = 0xffffffff800001d8, IoStatusBlock_unk_out = 0xfffff88002f8fa48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8efc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa800351d160
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff800001d8, SectionHandle_ptr_out = 0xfffff88002f8f9e0, SectionHandle_out = 0x3c, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x3c, ProcessHandle_unk = 0xffffffff800001dc, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0x2, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f8f9d0, BaseAddress_out = 0x7fffffa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f8fa00, ViewSize_out = 0x6000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x7fffffa0040
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800bd3cc00, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff8800354c000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800001dc, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f8fae0, BaseAddress_out = 0x100000, RegionSize_ptr_out = 0xfffff88002f8f9f0, RegionSize_out = 0x14000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x100000, ret_val_unk_out = 0x100040
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x100000, MappedAsImage = 1, Directory = 0x5, Size_ptr_out = 0xfffff88002f8fad8, ret_val_ptr_out = 0x0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800001dc, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f8fae8, BaseAddress_out = 0x120000, RegionSize_ptr_out = 0xfffff88002f8f9f8, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = \\?\globalroot%S, _Dest_out = \\?\globalroot\device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 49
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa80034fe160
KeInitializeApc	Apc_unk = 0xfffffa80034fe160, Thread_unk = 0xfffffa8003439b60, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027ca950, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x120128, Mode_unk = 0xfffff88000000001, Context_ptr = 0x120000
KeInsertQueueApc	Apc_unk = 0xfffffa80034fe160, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1
ZwUnmapViewOfSection	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0x3c, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0xffffffff800001d8, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027db068, FileObject_unk = 0xfffffa80028cb070, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0xc000007e
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
KeUnstackDetachProcess	ApcState_unk = 0xfffff88002f8fa58
PsGetProcessImageFileName	ret_val_out = 0xfffffa8003545910
_snprintf	_Count = 0x103, _Format = %s (x64), _Dest_out = csrss.exe (x64), ret_val_out = 15
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f8f7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f8fb18, FileHandle_out = 0xffffffff800001d8, IoStatusBlock_unk_out = 0xfffff88002f8f7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8ed80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa800351f160
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f8f880, BaseAddress_out = 0x80000, RegionSize_ptr_out = 0xfffff88002f8f888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800001d8, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x80010, Length_ptr = 0x80018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x80000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80021e92b0, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800001d8, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f8f7a0, FileInformation_ptr_out = 0xfffff88002f8f7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa80034c83a0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80034c83a0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x197, ret_val_ptr_out = 0xfffff8a003256800
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = csrss.exe (x64)=, ret_val_out = 16
_strlwr	_Str = csrss.exe (x64)=, _Str_out = csrss.exe (x64)=, ret_val_out = csrss.exe (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800001d8, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x196, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f8f7a0, Buffer_ptr_out = 0xfffff8a003256800, Buffer_deref_data_out = BINARY(offset=3105329,skipped=0,size=406), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa80034c83a0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88003552800
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa800d5351c0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800d5351c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800d5351c0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034197c0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034197c0, Irp_unk_out = 0xfffffa80034197c0, ret_val_unk_out = 0xfffffa800d5351c0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800d5351c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800d5351c0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = csrss.exe (x64)=
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f8f880, BaseAddress = 0x80000, RegionSize_ptr = 0xfffff88002f8f888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a003256800, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800001d8, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80021e92b0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa8008912f20, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa800351f160, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80021e92b0, PriorityBoost = 0
ZwClose	Handle_unk = 0xffffffff800001dc, ret_val_unk_out = 0x0
KeSetEvent	Event_unk = 0xfffffa80028cba90, Increment_unk = 0x0, Wait = 0, Event_unk_out = 0xfffffa80028cba90, ret_val_out = 0

Execution Path #21 (length: 524, count: 1, processes: 1)

Information	Value
Sequence Length	524

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f9db30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f9db20, ClientId_deref_UniqueProcess_unk = 0x308, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f9db70, ProcessHandle_out = 0xffffffff800003ec, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800003f4, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80036580a0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800003f4, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80036557b0, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800003f4, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x197, ret_val_ptr_out = 0xfffff8a000a8ce60
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = * (x64)=, ret_val_out = 8
_strlwr	_Str = * (x64)=, _Str_out = * (x64)=, ret_val_out = * (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800003f4, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x196, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a000a8ce60, Buffer_deref_data_out = BINARY(offset=6376392,skipped=0,size=406), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88002c89e60
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = * (x64)=, ret_val_out = * (x64)=cmd64.dll
strncpy	_Source = cmd64.dll, _Count = 0x104, _Dest_out = cmd64.dll, ret_val_out = cmd64.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a000a8ce60, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800003f4, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80036557b0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa80034e7710, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa80036580a0, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa80036566b0, PROCESS_unk_out = 0xfffffa80036566b0, ApcState_unk_out = 0xfffff88002f9da58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 35
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd64.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd64.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f9da08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd64.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f9d9e8, FileHandle_out = 0xffffffff800003f4, IoStatusBlock_unk_out = 0xfffff88002f9da48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cfc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa800365d530
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff800003f4, SectionHandle_ptr_out = 0xfffff88002f9d9e0, SectionHandle_out = 0x14, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x14, ProcessHandle_unk = 0xffffffff800003ec, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0xfffff88000000002, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f9d9d0, BaseAddress_out = 0x7fffffa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f9da00, ViewSize_out = 0x6000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x7fffffa0040
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88002c8a000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800003ec, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae0, BaseAddress_out = 0x10000, RegionSize_ptr_out = 0xfffff88002f9d9f0, RegionSize_out = 0x14000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x10000, ret_val_unk_out = 0x10040
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x10000, MappedAsImage = 1, Directory = 0x5, Size_ptr_out = 0xfffff88002f9dad8, ret_val_ptr_out = 0x0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800003ec, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae8, BaseAddress_out = 0x50000, RegionSize_ptr_out = 0xfffff88002f9d9f8, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = \\?\globalroot%S, _Dest_out = \\?\globalroot\device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 49
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa80036602e0
KeInitializeApc	Apc_unk = 0xfffffa80036602e0, Thread_unk = 0xfffffa8003649320, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027ca950, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x50128, Mode_unk = 0xfffff88000000001, Context_ptr = 0x50000
KeInsertQueueApc	Apc_unk = 0xfffffa80036602e0, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1
ZwUnmapViewOfSection	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0x14, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0xffffffff800003f4, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80036557b0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027db068, FileObject_unk = 0xfffffa80034e74e0, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0xc000007e
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
KeUnstackDetachProcess	ApcState_unk = 0xfffff88002f9da58
PsGetProcessImageFileName	ret_val_out = 0xfffffa8003656990
_snprintf	_Count = 0x103, _Format = %s (x64), _Dest_out = LogonUI.exe (x64), ret_val_out = 17
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800003f4, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa8003660280
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800003f4, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80036557b0, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800003f4, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x197, ret_val_ptr_out = 0xfffff8a000a8d1d0
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = LogonUI.exe (x64)=, ret_val_out = 18
_strlwr	_Str = LogonUI.exe (x64)=, _Str_out = logonui.exe (x64)=, ret_val_out = logonui.exe (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800003f4, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x196, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a000a8d1d0, Buffer_deref_data_out = BINARY(offset=6566545,skipped=0,size=406), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88002c911d0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80034e8010
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80034e8010, Irp_unk_out = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = logonui.exe (x64)=
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a000a8d1d0, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800003f4, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80036557b0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa8003660050, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa8003660280, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80036557b0, PriorityBoost = 0
ZwClose	Handle_unk = 0xffffffff800003ec, ret_val_unk_out = 0x0
KeSetEvent	Event_unk = 0xfffffa8003661050, Increment_unk = 0x0, Wait = 0, Event_unk_out = 0xfffffa8003661050, ret_val_out = 0

Execution Path #22 (length: 522, count: 1, processes: 1)

Information	Value
Sequence Length	522

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f9db30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f9db20, ClientId_deref_UniqueProcess_unk = 0x33c, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f9db70, ProcessHandle_out = 0xffffffff800003f0, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800003f4, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa800366ec20
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800003f4, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80034e8010, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800003f4, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x197, ret_val_ptr_out = 0xfffff8a000bce8f0
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = * (x64)=, ret_val_out = 8
_strlwr	_Str = * (x64)=, _Str_out = * (x64)=, ret_val_out = * (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800003f4, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x196, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a000bce8f0, Buffer_deref_data_out = BINARY(offset=6812220,skipped=0,size=406), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88002c5f8f0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa80036705e0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80036705e0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80036705e0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa80036705e0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80036705e0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80036705e0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = * (x64)=, ret_val_out = * (x64)=cmd64.dll
strncpy	_Source = cmd64.dll, _Count = 0x104, _Dest_out = cmd64.dll, ret_val_out = cmd64.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a000bce8f0, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800003f4, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa800cbf0a90, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa800366ec20, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa800368d9e0, PROCESS_unk_out = 0xfffffa800368d9e0, ApcState_unk_out = 0xfffff88002f9da58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 35
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd64.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd64.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f9da08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd64.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f9d9e8, FileHandle_out = 0xffffffff800003f4, IoStatusBlock_unk_out = 0xfffff88002f9da48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cfc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa800367c0c0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff800003f4, SectionHandle_ptr_out = 0xfffff88002f9d9e0, SectionHandle_out = 0x14, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x14, ProcessHandle_unk = 0xffffffff800003f0, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0x2, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f9d9d0, BaseAddress_out = 0x7fffffa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f9da00, ViewSize_out = 0x6000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x7fffffa0040
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88002c60000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800003f0, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae0, BaseAddress_out = 0x10000, RegionSize_ptr_out = 0xfffff88002f9d9f0, RegionSize_out = 0x14000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x10000, ret_val_unk_out = 0x10040
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x10000, MappedAsImage = 1, Directory = 0x5, Size_ptr_out = 0xfffff88002f9dad8, ret_val_ptr_out = 0x0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800003f0, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae8, BaseAddress_out = 0x50000, RegionSize_ptr_out = 0xfffff88002f9d9f8, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = \\?\globalroot%S, _Dest_out = \\?\globalroot\device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 49
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa800368e2e0
KeInitializeApc	Apc_unk = 0xfffffa800368e2e0, Thread_unk = 0xfffffa800365f710, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027ca950, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x50128, Mode_unk = 0xfffff88000000001, Context_ptr = 0x50000
KeInsertQueueApc	Apc_unk = 0xfffffa800368e2e0, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1
ZwUnmapViewOfSection	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0x14, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0xffffffff800003f4, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027db068, FileObject_unk = 0xfffffa800cbf0830, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0xc000007e
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
KeUnstackDetachProcess	ApcState_unk = 0xfffff88002f9da58
PsGetProcessImageFileName	ret_val_out = 0xfffffa800368dcc0
_snprintf	_Count = 0x103, _Format = %s (x64), _Dest_out = svchost.exe (x64), ret_val_out = 17
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800003f4, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80034ea110
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800003f4, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80034e8010, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800003f4, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003670280
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003670280
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x197, ret_val_ptr_out = 0xfffff8a000bd20e0
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = svchost.exe (x64)=, ret_val_out = 18
_strlwr	_Str = svchost.exe (x64)=, _Str_out = svchost.exe (x64)=, ret_val_out = svchost.exe (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800003f4, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x196, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a000bd20e0, Buffer_deref_data_out = BINARY(offset=7001132,skipped=0,size=406), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003670280, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88002c730e0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa80036705e0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80036705e0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80036705e0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa80036705e0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80036705e0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80036705e0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = svchost.exe (x64)=
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a000bd20e0, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800003f4, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa800cbf0a90, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa80034ea110, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwClose	Handle_unk = 0xffffffff800003f0, ret_val_unk_out = 0x0
KeSetEvent	Event_unk = 0xfffffa800cbf0bc0, Increment_unk = 0x0, Wait = 0, Event_unk_out = 0xfffffa800cbf0bc0, ret_val_out = 0

Execution Path #23 (length: 522, count: 1, processes: 1)

Information	Value
Sequence Length	522

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f9db30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f9db20, ClientId_deref_UniqueProcess_unk = 0x374, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f9db70, ProcessHandle_out = 0xffffffff8000040c, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff80000404, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa8003690100
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff80000404, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80034e8010, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff80000404, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x197, ret_val_ptr_out = 0xfffff8a0065f8010
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = * (x64)=, ret_val_out = 8
_strlwr	_Str = * (x64)=, _Str_out = * (x64)=, ret_val_out = * (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff80000404, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x196, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a0065f8010, Buffer_deref_data_out = BINARY(offset=7238679,skipped=0,size=406), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff8800349b010
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = * (x64)=, ret_val_out = * (x64)=cmd64.dll
strncpy	_Source = cmd64.dll, _Count = 0x104, _Dest_out = cmd64.dll, ret_val_out = cmd64.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a0065f8010, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff80000404, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa80036901a0, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa8003690100, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa80034fca60, PROCESS_unk_out = 0xfffffa80034fca60, ApcState_unk_out = 0xfffff88002f9da58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 35
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd64.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd64.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f9da08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd64.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f9d9e8, FileHandle_out = 0xffffffff80000404, IoStatusBlock_unk_out = 0xfffff88002f9da48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cfc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80028a3e90
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff80000404, SectionHandle_ptr_out = 0xfffff88002f9d9e0, SectionHandle_out = 0x14, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x14, ProcessHandle_unk = 0xffffffff8000040c, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0xfffff88000000002, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f9d9d0, BaseAddress_out = 0x7fffffa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f9da00, ViewSize_out = 0x6000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x7fffffa0040
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff8800349c000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff8000040c, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae0, BaseAddress_out = 0x10000, RegionSize_ptr_out = 0xfffff88002f9d9f0, RegionSize_out = 0x14000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x10000, ret_val_unk_out = 0x10040
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x10000, MappedAsImage = 1, Directory = 0x5, Size_ptr_out = 0xfffff88002f9dad8, ret_val_ptr_out = 0x0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff8000040c, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae8, BaseAddress_out = 0x50000, RegionSize_ptr_out = 0xfffff88002f9d9f8, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = \\?\globalroot%S, _Dest_out = \\?\globalroot\device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 49
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa800368e2e0
KeInitializeApc	Apc_unk = 0xfffffa800368e2e0, Thread_unk = 0xfffffa8003690b60, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027ca950, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x50128, Mode_unk = 0xfffff88000000001, Context_ptr = 0x50000
KeInsertQueueApc	Apc_unk = 0xfffffa800368e2e0, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1
ZwUnmapViewOfSection	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0x14, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0xffffffff80000404, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027db068, FileObject_unk = 0xfffffa8003690780, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0xc000007e
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
KeUnstackDetachProcess	ApcState_unk = 0xfffff88002f9da58
PsGetProcessImageFileName	ret_val_out = 0xfffffa80034fcd40
_snprintf	_Count = 0x103, _Format = %s (x64), _Dest_out = svchost.exe (x64), ret_val_out = 17
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff80000404, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80034fb310
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff80000404, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80034e8010, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff80000404, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x197, ret_val_ptr_out = 0xfffff8a00649d670
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = svchost.exe (x64)=, ret_val_out = 18
_strlwr	_Str = svchost.exe (x64)=, _Str_out = svchost.exe (x64)=, ret_val_out = svchost.exe (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff80000404, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x196, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a00649d670, Buffer_deref_data_out = BINARY(offset=7429823,skipped=0,size=406), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff880034ab670
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = svchost.exe (x64)=
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a00649d670, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff80000404, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa80034f2b90, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa80034fb310, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwClose	Handle_unk = 0xffffffff8000040c, ret_val_unk_out = 0x0
KeSetEvent	Event_unk = 0xfffffa80034fc5c0, Increment_unk = 0x0, Wait = 0, Event_unk_out = 0xfffffa80034fc5c0, ret_val_out = 0

Execution Path #34 (length: 521, count: 1, processes: 1)

Information	Value
Sequence Length	521

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f9db30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f9db20, ClientId_deref_UniqueProcess_unk = 0x128, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f9db70, ProcessHandle_out = 0xffffffff80000448, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff8000044c, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa8003792170
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff8000044c, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80034e8010, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff8000044c, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a0012af0f0
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = * (x64)=, ret_val_out = 8
_strlwr	_Str = * (x64)=, _Str_out = * (x64)=, ret_val_out = * (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff8000044c, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a0012af0f0, Buffer_deref_data_out = BINARY(offset=9880973,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff880035eb0f0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = * (x64)=, ret_val_out = * (x64)=cmd64.dll
strncpy	_Source = cmd64.dll, _Count = 0x104, _Dest_out = cmd64.dll, ret_val_out = cmd64.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a0012af0f0, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff8000044c, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa800378e300, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa8003792170, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa800378fb30, PROCESS_unk_out = 0xfffffa800378fb30, ApcState_unk_out = 0xfffff88002f9da58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 35
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd64.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd64.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f9da08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd64.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f9d9e8, FileHandle_out = 0xffffffff8000044c, IoStatusBlock_unk_out = 0xfffff88002f9da48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cfc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80036b8330
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff8000044c, SectionHandle_ptr_out = 0xfffff88002f9d9e0, SectionHandle_out = 0x14, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x14, ProcessHandle_unk = 0xffffffff80000448, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0x2, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f9d9d0, BaseAddress_out = 0x7fffffa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f9da00, ViewSize_out = 0x6000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x7fffffa0040
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88000b05000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff80000448, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae0, BaseAddress_out = 0x10000, RegionSize_ptr_out = 0xfffff88002f9d9f0, RegionSize_out = 0x14000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x10000, ret_val_unk_out = 0x10040
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x10000, MappedAsImage = 1, Directory = 0x5, Size_ptr_out = 0xfffff88002f9dad8, ret_val_ptr_out = 0x0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff80000448, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae8, BaseAddress_out = 0x50000, RegionSize_ptr_out = 0xfffff88002f9d9f8, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = \\?\globalroot%S, _Dest_out = \\?\globalroot\device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 49
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa80036d0440
KeInitializeApc	Apc_unk = 0xfffffa80036d0440, Thread_unk = 0xfffffa8003794690, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027ca950, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x50128, Mode_unk = 0xfffff88000000001, Context_ptr = 0x50000
KeInsertQueueApc	Apc_unk = 0xfffffa80036d0440, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1
ZwUnmapViewOfSection	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0x14, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0xffffffff8000044c, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027db068, FileObject_unk = 0xfffffa800378e1d0, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0xc000007e
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
KeUnstackDetachProcess	ApcState_unk = 0xfffff88002f9da58
PsGetProcessImageFileName	ret_val_out = 0xfffffa800378fe10
_snprintf	_Count = 0x103, _Format = %s (x64), _Dest_out = svchost.exe (x64), ret_val_out = 17
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff8000044c, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80036cecd0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff8000044c, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80034e8010, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff8000044c, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a0012a9d50
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = svchost.exe (x64)=, ret_val_out = 18
_strlwr	_Str = svchost.exe (x64)=, _Str_out = svchost.exe (x64)=, ret_val_out = svchost.exe (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff8000044c, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a0012a9d50, Buffer_deref_data_out = BINARY(offset=10067888,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88000b0bd50
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003790cd0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003790cd0, Irp_unk_out = 0xfffffa8003790cd0, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = svchost.exe (x64)=
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a0012a9d50, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff8000044c, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa8003795e50, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa80036cecd0, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0
ZwClose	Handle_unk = 0xffffffff80000448, ret_val_unk_out = 0x0
KeSetEvent	Event_unk = 0xfffffa800378e430, Increment_unk = 0x0, Wait = 0, Event_unk_out = 0xfffffa800378e430, ret_val_out = 0

Execution Path #35 (length: 522, count: 1, processes: 1)

Information	Value
Sequence Length	522

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f9db30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f9db20, ClientId_deref_UniqueProcess_unk = 0x3bc, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f9db70, ProcessHandle_out = 0xffffffff800004bc, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800004b0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80037ddea0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800004b0, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80037c7bb0, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800004b0, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a00146ee40
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = * (x64)=, ret_val_out = 8
_strlwr	_Str = * (x64)=, _Str_out = * (x64)=, ret_val_out = * (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800004b0, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a00146ee40, Buffer_deref_data_out = BINARY(offset=10736580,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88000be6e40
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa8008136f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8008136f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8008136f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa8008136f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8008136f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8008136f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = * (x64)=, ret_val_out = * (x64)=cmd64.dll
strncpy	_Source = cmd64.dll, _Count = 0x104, _Dest_out = cmd64.dll, ret_val_out = cmd64.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a00146ee40, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800004b0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80037c7bb0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa80037e1710, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa80037ddea0, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa80037e0800, PROCESS_unk_out = 0xfffffa80037e0800, ApcState_unk_out = 0xfffff88002f9da58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 35
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd64.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd64.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f9da08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd64.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f9d9e8, FileHandle_out = 0xffffffff800004b0, IoStatusBlock_unk_out = 0xfffff88002f9da48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cfc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80037d7890
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff800004b0, SectionHandle_ptr_out = 0xfffff88002f9d9e0, SectionHandle_out = 0x14, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x14, ProcessHandle_unk = 0xffffffff800004bc, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0x2, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f9d9d0, BaseAddress_out = 0x7fffffa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f9da00, ViewSize_out = 0x6000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x7fffffa0040
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88000be7000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800004bc, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae0, BaseAddress_out = 0x10000, RegionSize_ptr_out = 0xfffff88002f9d9f0, RegionSize_out = 0x14000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x10000, ret_val_unk_out = 0x10040
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x10000, MappedAsImage = 1, Directory = 0x5, Size_ptr_out = 0xfffff88002f9dad8, ret_val_ptr_out = 0x0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800004bc, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae8, BaseAddress_out = 0x50000, RegionSize_ptr_out = 0xfffff88002f9d9f8, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = \\?\globalroot%S, _Dest_out = \\?\globalroot\device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 49
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa80036f82c0
KeInitializeApc	Apc_unk = 0xfffffa80036f82c0, Thread_unk = 0xfffffa80037da800, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027ca950, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x50128, Mode_unk = 0xfffff88000000001, Context_ptr = 0x50000
KeInsertQueueApc	Apc_unk = 0xfffffa80036f82c0, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1
ZwUnmapViewOfSection	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0x14, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0xffffffff800004b0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80037c7bb0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027db068, FileObject_unk = 0xfffffa80037deaa0, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0xc000007e
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
KeUnstackDetachProcess	ApcState_unk = 0xfffff88002f9da58
PsGetProcessImageFileName	ret_val_out = 0xfffffa80037e0ae0
_snprintf	_Count = 0x103, _Format = %s (x64), _Dest_out = userinit.exe (x64), ret_val_out = 18
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800004b0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80037d9cb0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800004b0, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80037c7bb0, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800004b0, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a001470b40
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = userinit.exe (x64)=, ret_val_out = 19
_strlwr	_Str = userinit.exe (x64)=, _Str_out = userinit.exe (x64)=, ret_val_out = userinit.exe (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800004b0, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a001470b40, Buffer_deref_data_out = BINARY(offset=10923735,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88000bedb40
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa8008136f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8008136f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8008136f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa8008136f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8008136f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8008136f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = userinit.exe (x64)=
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a001470b40, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800004b0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80037c7bb0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa80037d9860, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa80037d9cb0, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
ZwClose	Handle_unk = 0xffffffff800004bc, ret_val_unk_out = 0x0
KeSetEvent	Event_unk = 0xfffffa80037e1840, Increment_unk = 0x0, Wait = 0, Event_unk_out = 0xfffffa80037e1840, ret_val_out = 0

Execution Path #37 (length: 524, count: 1, processes: 1)

Information	Value
Sequence Length	524

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f9db30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f9db20, ClientId_deref_UniqueProcess_unk = 0x140, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f9db70, ProcessHandle_out = 0xffffffff800004b0, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800004bc, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa8003715cd0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800004bc, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80037c7bb0, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800004bc, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a001473190
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = * (x64)=, ret_val_out = 8
_strlwr	_Str = * (x64)=, _Str_out = * (x64)=, ret_val_out = * (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800004bc, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a001473190, Buffer_deref_data_out = BINARY(offset=11080487,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff880035b6190
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa8008136f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8008136f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8008136f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa8008136f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8008136f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8008136f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = * (x64)=, ret_val_out = * (x64)=cmd64.dll
strncpy	_Source = cmd64.dll, _Count = 0x104, _Dest_out = cmd64.dll, ret_val_out = cmd64.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a001473190, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800004bc, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80037c7bb0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa80037e33c0, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa8003715cd0, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa80037ee060, PROCESS_unk_out = 0xfffffa80037ee060, ApcState_unk_out = 0xfffff88002f9da58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 35
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd64.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd64.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f9da08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd64.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f9d9e8, FileHandle_out = 0xffffffff800004bc, IoStatusBlock_unk_out = 0xfffff88002f9da48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cfc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa800370f9b0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff800004bc, SectionHandle_ptr_out = 0xfffff88002f9d9e0, SectionHandle_out = 0x14, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x14, ProcessHandle_unk = 0xffffffff800004b0, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0x2, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f9d9d0, BaseAddress_out = 0x7fffffa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f9da00, ViewSize_out = 0x6000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x7fffffa0040
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff880035b7000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800004b0, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae0, BaseAddress_out = 0x10000, RegionSize_ptr_out = 0xfffff88002f9d9f0, RegionSize_out = 0x14000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x10000, ret_val_unk_out = 0x10040
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x10000, MappedAsImage = 1, Directory = 0x5, Size_ptr_out = 0xfffff88002f9dad8, ret_val_ptr_out = 0x0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800004b0, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae8, BaseAddress_out = 0x50000, RegionSize_ptr_out = 0xfffff88002f9d9f8, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = \\?\globalroot%S, _Dest_out = \\?\globalroot\device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 49
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa8003710610
KeInitializeApc	Apc_unk = 0xfffffa8003710610, Thread_unk = 0xfffffa80037e3b60, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027ca950, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x50128, Mode_unk = 0xfffff88000000001, Context_ptr = 0x50000
KeInsertQueueApc	Apc_unk = 0xfffffa8003710610, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1
ZwUnmapViewOfSection	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0x14, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0xffffffff800004bc, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80037c7bb0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027db068, FileObject_unk = 0xfffffa80037e3290, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0xc000007e
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
KeUnstackDetachProcess	ApcState_unk = 0xfffff88002f9da58
PsGetProcessImageFileName	ret_val_out = 0xfffffa80037ee340
_snprintf	_Count = 0x103, _Format = %s (x64), _Dest_out = explorer.exe (x64), ret_val_out = 18
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800004bc, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa800371a750
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800004bc, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80037c7bb0, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800004bc, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa80037baa70
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80037baa70
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a001472010
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = explorer.exe (x64)=, ret_val_out = 19
_strlwr	_Str = explorer.exe (x64)=, _Str_out = explorer.exe (x64)=, ret_val_out = explorer.exe (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800004bc, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a001472010, Buffer_deref_data_out = BINARY(offset=11269694,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa80037baa70, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff880035bd010
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa8008136f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8008136f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8008136f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80037d6160
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80037d6160, Irp_unk_out = 0xfffffa80037d6160, ret_val_unk_out = 0xfffffa8008136f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8008136f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8008136f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = explorer.exe (x64)=
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a001472010, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800004bc, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80037c7bb0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa80037e2e20, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa800371a750, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80037c7bb0, PriorityBoost = 0
ZwClose	Handle_unk = 0xffffffff800004b0, ret_val_unk_out = 0x0
KeSetEvent	Event_unk = 0xfffffa80037e2050, Increment_unk = 0x0, Wait = 0, Event_unk_out = 0xfffffa80037e2050, ret_val_out = 0

Execution Path #40 (length: 524, count: 1, processes: 1)

Information	Value
Sequence Length	524

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f9db30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f9db20, ClientId_deref_UniqueProcess_unk = 0x458, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f9db70, ProcessHandle_out = 0xffffffff800004d8, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800004d4, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa8003757560
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800004d4, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa8003828ee0, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800004d4, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a0014b24e0
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = * (x64)=, ret_val_out = 8
_strlwr	_Str = * (x64)=, _Str_out = * (x64)=, ret_val_out = * (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800004d4, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a0014b24e0, Buffer_deref_data_out = BINARY(offset=11917538,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff880031fa4e0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = * (x64)=, ret_val_out = * (x64)=cmd64.dll
strncpy	_Source = cmd64.dll, _Count = 0x104, _Dest_out = cmd64.dll, ret_val_out = cmd64.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a0014b24e0, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800004d4, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa8003828ee0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa800381c250, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa8003757560, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa8003822060, PROCESS_unk_out = 0xfffffa8003822060, ApcState_unk_out = 0xfffff88002f9da58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 35
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd64.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd64.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f9da08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd64.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f9d9e8, FileHandle_out = 0xffffffff800004d4, IoStatusBlock_unk_out = 0xfffff88002f9da48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cfc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa800381c0e0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff800004d4, SectionHandle_ptr_out = 0xfffff88002f9d9e0, SectionHandle_out = 0x14, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x14, ProcessHandle_unk = 0xffffffff800004d8, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0xfffff88000000002, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f9d9d0, BaseAddress_out = 0x7fffffa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f9da00, ViewSize_out = 0x6000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x7fffffa0040
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800bd3cc00, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88003420000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800004d8, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae0, BaseAddress_out = 0x10000, RegionSize_ptr_out = 0xfffff88002f9d9f0, RegionSize_out = 0x14000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x10000, ret_val_unk_out = 0x10040
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x10000, MappedAsImage = 1, Directory = 0x5, Size_ptr_out = 0xfffff88002f9dad8, ret_val_ptr_out = 0x0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800004d8, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae8, BaseAddress_out = 0x50000, RegionSize_ptr_out = 0xfffff88002f9d9f8, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = \\?\globalroot%S, _Dest_out = \\?\globalroot\device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 49
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa8003753b90
KeInitializeApc	Apc_unk = 0xfffffa8003753b90, Thread_unk = 0xfffffa80038294d0, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027ca950, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x50128, Mode_unk = 0xfffff88000000001, Context_ptr = 0x50000
KeInsertQueueApc	Apc_unk = 0xfffffa8003753b90, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1
ZwUnmapViewOfSection	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0x14, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0xffffffff800004d4, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa8003828ee0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027db068, FileObject_unk = 0xfffffa8003827af0, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0xc000007e
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
KeUnstackDetachProcess	ApcState_unk = 0xfffff88002f9da58
PsGetProcessImageFileName	ret_val_out = 0xfffffa8003822340
_snprintf	_Count = 0x103, _Format = %s (x64), _Dest_out = svchost.exe (x64), ret_val_out = 17
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800004d4, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa8003729120
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800004d4, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa8003828ee0, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800004d4, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c140
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c140
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a0014b0440
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = svchost.exe (x64)=, ret_val_out = 18
_strlwr	_Str = svchost.exe (x64)=, _Str_out = svchost.exe (x64)=, ret_val_out = svchost.exe (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800004d4, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a0014b0440, Buffer_deref_data_out = BINARY(offset=12112616,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800381c140, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88003426440
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800382a9f0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800382a9f0, Irp_unk_out = 0xfffffa800382a9f0, ret_val_unk_out = 0xfffffa800381c010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa800381c010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa800381c010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = svchost.exe (x64)=
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a0014b0440, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800004d4, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa8003828ee0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa8003829d00, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa8003729120, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
ZwClose	Handle_unk = 0xffffffff800004d8, ret_val_unk_out = 0x0
KeSetEvent	Event_unk = 0xfffffa800382a050, Increment_unk = 0x0, Wait = 0, Event_unk_out = 0xfffffa800382a050, ret_val_out = 0

Execution Path #44 (length: 1111, count: 1, processes: 1)

Information	Value
Sequence Length	1111

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f9db30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f9db20, ClientId_deref_UniqueProcess_unk = 0x4d0, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f9db70, ProcessHandle_out = 0xffffffff800004f4, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800004f0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80038760d0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800004f0, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa8003828ee0, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800004f0, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a000a8ba30
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = *=, ret_val_out = 2
_strlwr	_Str = =, _Str_out = =, ret_val_out = *=
ZwReadFile	FileHandle_unk = 0xffffffff800004f0, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a000a8ba30, Buffer_deref_data_out = BINARY(offset=12429907,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88002c7ba30
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003607090
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003607090, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003607090
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003607090
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003607090, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003607090
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = =, ret_val_out = =cmd.dll * (x64)=cmd64.dll
strncpy	_Source = cmd.dll, _Count = 0x104, _Dest_out = cmd.dll, ret_val_out = cmd.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a000a8ba30, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800004f0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa8003828ee0, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa8003890560, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa80038760d0, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa8003878630, PROCESS_unk_out = 0xfffffa8003878630, ApcState_unk_out = 0xfffff88002f9da58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd.dll, ret_val_out = 33
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f9da08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f9d9e8, FileHandle_out = 0xffffffff800004f0, IoStatusBlock_unk_out = 0xfffff88002f9da48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd.dll, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cfc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 8
strncpy	_Source = cmd.dll, _Count = 0x10, _Dest_out = cmd.dll, ret_val_out = cmd.dll
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa800d7ff8f0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff800004f0, SectionHandle_ptr_out = 0xfffff88002f9d9e0, SectionHandle_out = 0x24, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd.dll, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x24, ProcessHandle_unk = 0xffffffff800004f4, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0x2, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f9d9d0, BaseAddress_out = 0x7efa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f9da00, ViewSize_out = 0x9000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7efa0000, ret_val_unk_out = 0x7efa00f8
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd.dll, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800bd3cc00, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88002c7c000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800004f4, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae0, BaseAddress_out = 0x10000, RegionSize_ptr_out = 0xfffff88002f9d9f0, RegionSize_out = 0x20000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd.dll, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800bd3cc00, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff88002c84000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0
For performance reasons the remaining entries are omitted. Click to download all entries as text file.

Execution Path #48 (length: 1119, count: 1, processes: 1)

Information	Value
Sequence Length	1119

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f9db30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f9db20, ClientId_deref_UniqueProcess_unk = 0x50c, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f9db70, ProcessHandle_out = 0xffffffff800004f0, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800004f8, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daf78, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80038a67c0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800004f8, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daf78, Irp_unk = 0xfffffa800389fd60, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800004f8, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a0015a67a0
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = *=, ret_val_out = 2
_strlwr	_Str = =, _Str_out = =, ret_val_out = *=
ZwReadFile	FileHandle_unk = 0xffffffff800004f8, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a0015a67a0, Buffer_deref_data_out = BINARY(offset=13348740,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff880034c87a0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003607090
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003607090, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003607090
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003607090
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003607090, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003607090
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = =, ret_val_out = =cmd.dll * (x64)=cmd64.dll
strncpy	_Source = cmd.dll, _Count = 0x104, _Dest_out = cmd.dll, ret_val_out = cmd.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a0015a67a0, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800004f8, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daf78, FileObject_unk = 0xfffffa80038a9050, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa80038a67c0, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa800389eb30, PROCESS_unk_out = 0xfffffa800389eb30, ApcState_unk_out = 0xfffff88002f9da58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd.dll, ret_val_out = 33
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f9da08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f9d9e8, FileHandle_out = 0xffffffff800004f8, IoStatusBlock_unk_out = 0xfffff88002f9da48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd.dll, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cfc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa8003887b20
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff800004f8, SectionHandle_ptr_out = 0xfffff88002f9d9e0, SectionHandle_out = 0x24, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd.dll, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x24, ProcessHandle_unk = 0xffffffff800004f0, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0xfffff88000000002, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f9d9d0, BaseAddress_out = 0x7efa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f9da00, ViewSize_out = 0x9000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7efa0000, ret_val_unk_out = 0x7efa00f8
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd.dll, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff880034c9000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800004f0, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae0, BaseAddress_out = 0x10000, RegionSize_ptr_out = 0xfffff88002f9d9f0, RegionSize_out = 0x20000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd.dll, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff880034d1000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
For performance reasons the remaining entries are omitted. Click to download all entries as text file.

Execution Path #49 (length: 528, count: 7, processes: 1)

Information	Value
Sequence Length	528

Processes

Process	Count
Process 2 (System, PID: 4)	7

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f9db30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f9db20, ClientId_deref_UniqueProcess_unk = 0x514, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f9db70, ProcessHandle_out = 0xffffffff800004f0, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800004f8, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daf78, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80038880e0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800004f8, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daf78, Irp_unk = 0xfffffa800389fd60, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800004f8, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a0015a6e40
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = * (x64)=, ret_val_out = 8
_strlwr	_Str = * (x64)=, _Str_out = * (x64)=, ret_val_out = * (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800004f8, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a0015a6e40, Buffer_deref_data_out = BINARY(offset=13845304,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88000b73e40
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5e40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5e40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5e40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5e40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5e40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5e40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = * (x64)=, ret_val_out = * (x64)=cmd64.dll
strncpy	_Source = cmd64.dll, _Count = 0x104, _Dest_out = cmd64.dll, ret_val_out = cmd64.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a0015a6e40, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800004f8, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daf78, FileObject_unk = 0xfffffa80038a9b10, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa80038880e0, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa80038a4aa0, PROCESS_unk_out = 0xfffffa80038a4aa0, ApcState_unk_out = 0xfffff88002f9da58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 35
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd64.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd64.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f9da08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd64.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f9d9e8, FileHandle_out = 0xffffffff800004f8, IoStatusBlock_unk_out = 0xfffff88002f9da48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cfc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80038a67c0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff800004f8, SectionHandle_ptr_out = 0xfffff88002f9d9e0, SectionHandle_out = 0x14, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x14, ProcessHandle_unk = 0xffffffff800004f0, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0x2, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f9d9d0, BaseAddress_out = 0x7fffffa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f9da00, ViewSize_out = 0x6000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x7fffffa0040
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88000b74000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd64.dll, _Str = cmd64.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800004f0, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae0, BaseAddress_out = 0x10000, RegionSize_ptr_out = 0xfffff88002f9d9f0, RegionSize_out = 0x14000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x10000, ret_val_unk_out = 0x10040
RtlImageDirectoryEntryToData	BaseAddress_ptr = 0x10000, MappedAsImage = 1, Directory = 0x5, Size_ptr_out = 0xfffff88002f9dad8, ret_val_ptr_out = 0x0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800004f0, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f9dae8, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d9f8, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = \\?\globalroot%S, _Dest_out = \\?\globalroot\device\000001a9\0d24eb7c\cmd64.dll, ret_val_out = 49
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x58, ret_val_ptr_out = 0xfffffa800230d230
KeInitializeApc	Apc_unk = 0xfffffa800230d230, Thread_unk = 0xfffffa80038a2b60, TargetEnvironment_unk = 0x0, KernelRoutine_unk = 0xfffffa80027ca950, RundownRoutine_unk = 0x0, NormalRoutine_unk = 0x90128, Mode_unk = 0xfffff88000000001, Context_ptr = 0x90000
KeInsertQueueApc	Apc_unk = 0xfffffa800230d230, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0, PriorityBoost_unk = 0x0, ret_val_out = 1
ZwUnmapViewOfSection	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0x7fffffa0000, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0x14, ret_val_unk_out = 0x0
ZwClose	Handle_unk = 0xffffffff800004f8, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd64.dll, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027db068, FileObject_unk = 0xfffffa80038a9070, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0xc000007e
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
KeUnstackDetachProcess	ApcState_unk = 0xfffff88002f9da58
PsGetProcessImageFileName	ret_val_out = 0xfffffa80038a4d80
_snprintf	_Count = 0x103, _Format = %s (x64), _Dest_out = spoolsv.exe (x64), ret_val_out = 17
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f9d7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f9db18, FileHandle_out = 0xffffffff800004f8, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9cd80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daf78, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80036b00e0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f9d880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f9d888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff800004f8, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daf78, Irp_unk = 0xfffffa800389fd60, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff800004f8, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, FileInformation_ptr_out = 0xfffff88002f9d7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a0015bae40
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = spoolsv.exe (x64)=, ret_val_out = 18
_strlwr	_Str = spoolsv.exe (x64)=, _Str_out = spoolsv.exe (x64)=, ret_val_out = spoolsv.exe (x64)=
ZwReadFile	FileHandle_unk = 0xffffffff800004f8, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f9d7a0, Buffer_ptr_out = 0xfffff8a0015bae40, Buffer_deref_data_out = BINARY(offset=14041946,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88000b7ae40
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5e40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5e40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5e40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80038a9ee0
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80038a9ee0, Irp_unk_out = 0xfffffa80038a9ee0, ret_val_unk_out = 0xfffffa80038a5e40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5e40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5e40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f9d090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = spoolsv.exe (x64)=
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f9d880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f9d888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a0015bae40, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff800004f8, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daf78, FileObject_unk = 0xfffffa80038b3a90, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa80036b00e0, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa800389fd60, PriorityBoost = 0
ZwClose	Handle_unk = 0xffffffff800004f0, ret_val_unk_out = 0x0
KeSetEvent	Event_unk = 0xfffffa80038b3bc0, Increment_unk = 0x0, Wait = 0, Event_unk_out = 0xfffffa80038b3bc0, ret_val_out = 0

Execution Path #53 (length: 1118, count: 1, processes: 1)

Information	Value
Sequence Length	1118

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
ZwOpenProcess	DesiredAccess_unk = 0x1fffff, ObjectAttributes_ptr = 0xfffff88002f8fb30, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName_ptr = 0x0, ObjectAttributes_deref_Attributes = 0x200, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ClientId_ptr = 0xfffff88002f8fb20, ClientId_deref_UniqueProcess_unk = 0x5f8, ClientId_deref_UniqueThread_unk = 0x0, ProcessHandle_ptr_out = 0xfffff88002f8fb70, ProcessHandle_out = 0xffffffff800004f8, ret_val_unk_out = 0x0
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cfg.ini, DestinationString_out = \device\000001a9\0d24eb7c\cfg.ini
ZwCreateFile	DesiredAccess_unk = 0x100003, ObjectAttributes_ptr = 0xfffff88002f8f7d8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cfg.ini, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x1, CreateDisposition = 0x3, CreateOptions = 0x22, EaBuffer_ptr = 0x0, EaLength = 0x0, FileHandle_ptr_out = 0xfffff88002f8fb18, FileHandle_out = 0xffffffff8000052c, IoStatusBlock_unk_out = 0xfffff88002f8f7a0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8ed80
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daf78, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80037bc090
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003671350, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x4, BaseAddress_ptr_out = 0xfffff88002f8f880, BaseAddress_out = 0x90000, RegionSize_ptr_out = 0xfffff88002f8f888, RegionSize_out = 0x1000, ret_val_unk_out = 0x0
NtLockFile	FileHandle_unk = 0xffffffff8000052c, Event_unk = 0x0, ApcRoutine_unk = 0x0, ApcContext_ptr = 0x0, ByteOffset_ptr = 0x90010, Length_ptr = 0x90018, Key = 0x0, FailImmediatedly = 0, ExclusiveLock = 1, IoStatusBlock_unk_out = 0x90000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daf78, Irp_unk = 0xfffffa8003671350, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
ZwQueryInformationFile	FileHandle_unk = 0xffffffff8000052c, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff88002f8f7a0, FileInformation_ptr_out = 0xfffff88002f8f7c0, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f0e0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003671350, PriorityBoost = 0
FsRtlAllocatePool	PoolType_unk = 0x1, NumberOfBytes = 0x1b5, ret_val_ptr_out = 0xfffff8a001827c10
_snprintf	_Count = 0x104, _Format = [%s] , _Dest_out = [inject] , ret_val_out = 10
_strlwr	_Str = [inject] , _Str_out = [inject] , ret_val_out = [inject]
_snprintf	_Count = 0x104, _Format = %s=, _Dest_out = *=, ret_val_out = 2
_strlwr	_Str = =, _Str_out = =, ret_val_out = *=
ZwReadFile	FileHandle_unk = 0xffffffff8000052c, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x1b4, ByteOffset = 0x0, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88002f8f7a0, Buffer_ptr_out = 0xfffff8a001827c10, Buffer_deref_data_out = BINARY(offset=17483730,skipped=0,size=436), ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88004031c10
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038bc390
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038bc390, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038bc390
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f090
IdePortDispatch	ret_val_out = 0x103
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038bc390
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038bc390, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038bc390
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f090
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003671350, PriorityBoost = 0
strstr	_Str = [main] version=0.03 aid=66671 sid=0 builddate=351 installdate=6.12.2016 9:36:14 rnd=2040373303 [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31 , _SubStr = [inject] , ret_val_out = [inject] =cmd.dll (x64)=cmd64.dll [cmd] srv=https://lo4undreyk.com/;https://sh01cilewk.com/;https://cap01tchaa.com/;https://kur1k0nona.com/;https://u101mnay2k.com/ wsrv=http://gnarenyawr.com/;http://rinderwayr.com/;http://jukdoout0.com/;http://swltcho0.com/;http://ranmjyuke.com/ psrv=http://crj71ki813ck.com/ version=0.31
strstr	_Str = =cmd.dll (x64)=cmd64.dll , _SubStr = =, ret_val_out = =cmd.dll * (x64)=cmd64.dll
strncpy	_Source = cmd.dll, _Count = 0x104, _Dest_out = cmd.dll, ret_val_out = cmd.dll
ZwFreeVirtualMemory	ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff88002f8f880, BaseAddress = 0x90000, RegionSize_ptr = 0xfffff88002f8f888, FreeType = 0x8000, ret_val_unk_out = 0x0
ExFreePoolWithTag	P_ptr = 0xfffff8a001827c10, Tag = 0x0
ZwClose	Handle_unk = 0xffffffff8000052c, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa8003671350, ret_val_unk_out = 0xfffffa80018ab040
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daf78, FileObject_unk = 0xfffffa800392c400, ProcessId_unk = 0xfffffa80018ab040, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003671350, PriorityBoost = 0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa80037bc090, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003671350, PriorityBoost = 0
KeStackAttachProcess	PROCESS_unk = 0xfffffa8003923630, PROCESS_unk_out = 0xfffffa8003923630, ApcState_unk_out = 0xfffff88002f8fa58
_snwprintf	_Count = 0x103, _Format = %s\%S, _Dest_out = \device\000001a9\0d24eb7c\cmd.dll, ret_val_out = 33
RtlInitUnicodeString	SourceString = \device\000001a9\0d24eb7c\cmd.dll, DestinationString_out = \device\000001a9\0d24eb7c\cmd.dll
ZwOpenFile	DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff88002f8fa08, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \device\000001a9\0d24eb7c\cmd.dll, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x1, OpenOptions = 0x20, FileHandle_ptr_out = 0xfffff88002f8f9e8, FileHandle_out = 0xffffffff8000052c, IoStatusBlock_unk_out = 0xfffff88002f8fa48, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd.dll, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8efc0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa8003890e60
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003671350, PriorityBoost = 0
ZwCreateSection	DesiredAccess_unk = 0xf001f, ObjectAttributes = 0x0, MaximumSize_ptr = 0x0, SectionPageProtection = 0x2, AllocationAttributes = 0x8000000, FileHandle_unk = 0xffffffff8000052c, SectionHandle_ptr_out = 0xfffff88002f8f9e0, SectionHandle_out = 0x24, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd.dll, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f0f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003671350, PriorityBoost = 0
ZwMapViewOfSection	SectionHandle_unk = 0x24, ProcessHandle_unk = 0xffffffff800004f8, ZeroBits = 0x0, CommitSize = 0x0, InheritDisposition_unk = 0x2, AllocationType = 0x100000, AccessProtection = 0x2, BaseAddress_ptr_out = 0xfffff88002f8f9d0, BaseAddress_out = 0x7efa0000, SectionOffset_out = 0x0, ViewSize_ptr_out = 0xfffff88002f8fa00, ViewSize_out = 0x9000, ret_val_unk_out = 0x0
RtlImageNtHeader	BaseAddress_ptr = 0x7efa0000, ret_val_unk_out = 0x7efa00f8
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd.dll, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88004032000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f1f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003671350, PriorityBoost = 0
ZwAllocateVirtualMemory	ProcessHandle_unk = 0xffffffff800004f8, ZeroBits = 0x0, AllocationType = 0x3000, Protect = 0x40, BaseAddress_ptr_out = 0xfffff88002f8fae0, BaseAddress_out = 0x10000, RegionSize_ptr_out = 0xfffff88002f8f9f0, RegionSize_out = 0x20000, ret_val_unk_out = 0x0
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cmd.dll, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff8800403a000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = -7
_strnicmp	_Str1 = mbr, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr16, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = ldr64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 9
_strnicmp	_Str1 = drv32, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = drv64, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd.dll, _Str = cmd.dll, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88002f8f230
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
For performance reasons the remaining entries are omitted. Click to download all entries as text file.

Code Block #9 ( EP #17, #16, #19, #20, #33, #36, #38, #39, #46, #50, #51)

Information	Value
Trigger	KiDeliverApc+0x2c7
Start Address	0xfffffa80027ca950

Execution Path #17 (length: 9, count: 5, processes: 5)

Information	Value
Sequence Length	9

Processes

Process	Count
Process 8 (wininit.exe, PID: 372)	1
Process 17 (logonui.exe, PID: 776)	1
Process 36 (dllhost.exe, PID: 840)	1
Process 22 (dllhost.exe, PID: 540)	1
Process 31 (dllhost.exe, PID: 1332)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\wininet.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\shlwapi.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\advapi32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\urlmon.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\ole32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\oleaut32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\crypt32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\msasn1.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\iertutil.dll, IgnoreCase = 1, ret_val_out = 0

Execution Path #16 (length: 12, count: 1, processes: 1)

Information	Value
Sequence Length	12

Processes

Process	Count
Process 10 (winlogon.exe, PID: 412)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\wininet.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\shlwapi.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\advapi32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\sechost.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\urlmon.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\ole32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\oleaut32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\crypt32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\msasn1.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\iertutil.dll, IgnoreCase = 1, ret_val_out = 0
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800bd3cc00, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800355f000
IdePortDispatch	ret_val_out = 0x103

Execution Path #19 (length: 15, count: 10, processes: 10)

Information	Value
Sequence Length	15

Processes

Process	Count
Process 33 (svchost.exe, PID: 1456)	1
Process 11 (services.exe, PID: 468)	1
Process 13 (lsm.exe, PID: 492)	1
Process 14 (svchost.exe, PID: 592)	1
Process 15 (svchost.exe, PID: 660)	1
Process 16 (svchost.exe, PID: 708)	1
Process 18 (svchost.exe, PID: 828)	1
Process 19 (svchost.exe, PID: 884)	1
Process 21 (svchost.exe, PID: 296)	1
Process 26 (svchost.exe, PID: 1112)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\wininet.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\shlwapi.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\gdi32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\user32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\lpk.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\usp10.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\advapi32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\urlmon.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\ole32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\oleaut32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\crypt32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\msasn1.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\iertutil.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\imm32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\msctf.dll, IgnoreCase = 1, ret_val_out = 0

Execution Path #20 (length: 16, count: 1, processes: 1)

Information	Value
Sequence Length	16

Processes

Process	Count
Process 12 (lsass.exe, PID: 484)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\wininet.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\shlwapi.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\gdi32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\user32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\lpk.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\usp10.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\advapi32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\sechost.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\urlmon.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\ole32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\oleaut32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\crypt32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\msasn1.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\iertutil.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\imm32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\msctf.dll, IgnoreCase = 1, ret_val_out = 0

Execution Path #33 (length: 2254, count: 1, processes: 1)

Information	Value
Sequence Length	2254

Processes

Process	Count
Process 2 (System, PID: 4)	1

Sequence

Symbol	Parameters
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c42000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b85000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d01000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d36000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d4c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d50000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003540000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003558000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b05000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c90000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c92000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cea000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d02000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d0a000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d22000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d4a000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d5c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003590000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003593000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035b7000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035bd000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035c0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035c3000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035c6000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035c9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035cd000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035d1000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b4f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b56000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b59000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b5c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b60000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b65000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b89000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b8c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bf9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002def000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002df2000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002df5000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003421000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003461000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003464000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003467000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800348e000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003494000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003497000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034bb000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034c1000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034e8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034eb000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034ee000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003512000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003515000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003518000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800351b000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003521000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003527000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800352b000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800352f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003576000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003590000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003598000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035b0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035b8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035d0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035d3000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002def000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003420000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003410000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003418000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003461000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034a9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034f1000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034f9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003511000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003519000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003521000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003539000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003551000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003559000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003561000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003569000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800356d000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003585000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800359d000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035a5000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035bd000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035c5000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035cd000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035d5000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035dd000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035e5000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b05000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b0d000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b15000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b1d000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b1f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b27000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b2f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b37000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b3f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b47000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b4f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b57000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b5f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b67000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b6f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b77000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b7f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b87000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b8f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b97000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b9f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000ba7000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000baf000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bb9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bc1000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bc9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bd1000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bd9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c00000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c08000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c10000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c18000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c20000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c28000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c30000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c38000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c40000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c48000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c50000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c58000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c60000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c68000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c80000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c88000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c90000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c98000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002ca0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002ca8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cb0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cb8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cc0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cc8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002ce0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002ce7000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035d0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035d2000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d39000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002def000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b15000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b48000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b6c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b7f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b82000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b95000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b98000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c51000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c75000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cfc000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cff000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d02000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d1a000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035c0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035d8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b26000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b2e000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003450000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003482000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800348a000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034a2000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034aa000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034cd000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034d3000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034d9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034e1000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034e9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034f1000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034f4000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034fc000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003504000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800350c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800350f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003512000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003536000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003539000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cdc000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003570000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003582000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003595000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003598000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c31000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c33000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c77000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cff000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d17000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c10000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c18000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c30000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c38000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c40000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c48000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c50000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c58000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c80000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c88000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cb0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cb8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cc0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cc8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002ce0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002ce8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cf0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cf8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d00000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d08000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d1f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d27000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d3f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d47000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d4f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d57000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d5f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d67000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d6f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d77000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034e0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034e8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034f0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034f8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003520000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003528000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003530000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003538000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003540000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003548000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003550000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003558000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003560000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003568000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035ac000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bc9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bcd000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d40000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d54000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003450000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003468000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003480000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003488000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003490000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003498000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034a0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034a4000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c80000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d6c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034e0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034f8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003500000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003508000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003510000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003535000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003558000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800355a000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800355d000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003560000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003564000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003568000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035df000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b65000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b87000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003460000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003468000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034b0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034f4000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800350c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003514000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800352c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800353f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003557000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800355f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003567000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800356a000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003582000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800358a000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035a2000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035a8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002ca0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cf8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034a0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bd9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d2d000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d5f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035e0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035e1000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003580000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003586000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d30000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d42000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d4a000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d4c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034f0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bc9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bd1000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bf4000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c10000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c22000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003460000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003466000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800347c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035c2000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035e7000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c48000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c70000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cb4000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cbc000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cef000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002def000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003421000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003450000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003453000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003456000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003459000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034ed000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034ef000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034f1000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003514000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003516000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003539000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800353d000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003541000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003546000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800356c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800359f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b36000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b39000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b3d000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b42000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b47000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b4f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b50000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003470000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003492000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034aa000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034b2000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034d4000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034ec000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003504000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003519000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003531000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003539000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800356e000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003586000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800358e000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003593000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035ab000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035b3000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035cb000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035d3000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035d9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b15000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b1d000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b35000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b3d000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b45000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b4d000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b58000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b70000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b78000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b7c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b94000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b9c000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bda000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bf2000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c30000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c48000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c70000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c88000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002ca0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cc8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cf8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d1b000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d1e000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d31000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d35000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd2000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d26000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034d1000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bda000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bc9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bcf000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cb0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd6000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cee000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cf3000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d0b000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d23000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d2b000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d43000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d4b000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d53000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d5b000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d63000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d6b000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d6f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b75000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c10000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c28000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c40000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c48000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c50000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c58000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c60000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c68000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c80000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c88000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c90000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c98000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002ca0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002ca8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cb0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cb8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cdc000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d3f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d52000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d64000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003410000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003422000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003461000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034b4000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034b7000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034ec000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034ef000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034f2000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800350a000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003533000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800355b000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003573000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800357b000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003593000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800359b000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035a3000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035ab000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035b3000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035bb000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035c3000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035cb000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035ce000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035d5000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c61000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c69000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c81000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cb9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd1000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cd2000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cda000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cf2000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002cfa000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d12000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d1a000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d1d000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b35000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bd9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c50000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c62000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003450000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003474000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff8800349a000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034a0000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034b8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034bf000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b67000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b7f000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000b95000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bda000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bed000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003471000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034a5000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034a8000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034ab000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034ae000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034c2000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880034e6000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bfa000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c21000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c45000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c49000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88000bd9000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c7a000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c80000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c93000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002c96000
IdePortDispatch	ret_val_out = 0x103
For performance reasons the remaining entries are omitted. Click to download all entries as text file.

Execution Path #36 (length: 10, count: 1, processes: 1)

Information	Value
Sequence Length	10

Processes

Process	Count
Process 23 (userinit.exe, PID: 956)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\wininet.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\shlwapi.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\advapi32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\sechost.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\urlmon.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\ole32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\oleaut32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\crypt32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\msasn1.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\iertutil.dll, IgnoreCase = 1, ret_val_out = 0

Execution Path #38 (length: 5, count: 1, processes: 1)

Information	Value
Sequence Length	5

Processes

Process	Count
Process 24 (explorer.exe, PID: 320)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\wininet.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\urlmon.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\crypt32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\msasn1.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\iertutil.dll, IgnoreCase = 1, ret_val_out = 0

Execution Path #39 (length: 7, count: 1, processes: 1)

Information	Value
Sequence Length	7

Processes

Process	Count
Process 25 (dwm.exe, PID: 1060)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\wininet.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\shlwapi.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\urlmon.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\oleaut32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\crypt32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\msasn1.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\iertutil.dll, IgnoreCase = 1, ret_val_out = 0

Execution Path #46 (length: 9, count: 1, processes: 1)

Information	Value
Sequence Length	9

Processes

Process	Count
Process 27 (runonce.exe, PID: 1232)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\SysWOW64\imagehlp.dll, IgnoreCase = 1, ret_val_out = 0
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003559000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003524000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003525000
IdePortDispatch	ret_val_out = 0x103
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88003531000
IdePortDispatch	ret_val_out = 0x103

Execution Path #50 (length: 6, count: 1, processes: 1)

Information	Value
Sequence Length	6

Processes

Process	Count
Process 29 (spoolsv.exe, PID: 1300)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\wininet.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\shlwapi.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\urlmon.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\crypt32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\msasn1.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\iertutil.dll, IgnoreCase = 1, ret_val_out = 0

Execution Path #51 (length: 8, count: 3, processes: 3)

Information	Value
Sequence Length	8

Processes

Process	Count
Process 32 (taskhost.exe, PID: 1400)	1
Process 35 (taskhost.exe, PID: 1928)	1
Process 30 (conhost.exe, PID: 1316)	1

Sequence

Symbol	Parameters
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\wininet.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\shlwapi.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\advapi32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\sechost.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\urlmon.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\crypt32.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\msasn1.dll, IgnoreCase = 1, ret_val_out = 0
FsRtlIsNameInExpression	Expression = *\KERNEL32.DLL, Name = \Windows\System32\iertutil.dll, IgnoreCase = 1, ret_val_out = 0

Kernel Graph 2

Code Block #4 ( EP #3, #4, #6, #7, #9, #10, #24, #25, #26, #27, #28, #29, #30, #31, #32, #45, #52, #55, #56, #57, #58, #59, #60, #61, #62, #63, #64, #65, #67)

Information	Value
Trigger	IofCallDriver+0x50
Start Address	0xfffffa80027ca6c0

Execution Path #3 (length: 1, count: 431, processes: 9)

Information	Value
Sequence Length	1

Processes

Process	Count
Process 2 (System, PID: 4)	249
Process 3 (smss.exe, PID: 252)	29
Process 8 (wininit.exe, PID: 372)	1
Process 12 (lsass.exe, PID: 484)	30
Process 16 (svchost.exe, PID: 708)	105
Process 18 (svchost.exe, PID: 828)	4
Process 19 (svchost.exe, PID: 884)	9
Process 27 (runonce.exe, PID: 1232)	2
Process 28 (ping.exe, PID: 1292)	2

Sequence

Symbol	Parameters
IdePortDispatch	ret_val_out = 0x103

Execution Path #4 (length: 1, count: 21, processes: 2)

Information	Value
Sequence Length	1

Processes

Process	Count
Process 2 (System, PID: 4)	17
Process 19 (svchost.exe, PID: 884)	4

Sequence

Symbol	Parameters
PortWdmAlwaysStatusSuccessIrp	ret_val_out = 0x0

Execution Path #6 (length: 1, count: 25, processes: 3)

Information	Value
Sequence Length	1

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	1
Process 2 (System, PID: 4)	15
Process 3 (smss.exe, PID: 252)	9

Sequence

Symbol	Parameters
IdePortDispatchDeviceControl	ret_val_out = 0x0

Execution Path #7 (length: 2, count: 2983, processes: 21)

Information	Value
Sequence Length	2

Processes

Process	Count
Process 2 (System, PID: 4)	635
Process 3 (smss.exe, PID: 252)	9
Process 4 (autochk.exe, PID: 268)	1
Process 6 (csrss.exe, PID: 324)	1
Process 8 (wininit.exe, PID: 372)	1
Process 11 (services.exe, PID: 468)	1
Process 12 (lsass.exe, PID: 484)	13
Process 34 (jusched.exe, PID: 1528)	23
Process 14 (svchost.exe, PID: 592)	1
Process 15 (svchost.exe, PID: 660)	1
Process 16 (svchost.exe, PID: 708)	69
Process 17 (logonui.exe, PID: 776)	1
Process 18 (svchost.exe, PID: 828)	24
Process 19 (svchost.exe, PID: 884)	1745
Process 22 (dllhost.exe, PID: 540)	1
Process 24 (explorer.exe, PID: 320)	116
Process 26 (svchost.exe, PID: 1112)	1
Process 27 (runonce.exe, PID: 1232)	83
Process 28 (ping.exe, PID: 1292)	181
Process 30 (conhost.exe, PID: 1316)	5
Process 31 (dllhost.exe, PID: 1332)	71

Sequence

Symbol	Parameters
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff88002d8a000
IdePortDispatch	ret_val_out = 0x103

Execution Path #9 (length: 1, count: 14, processes: 4)

Information	Value
Sequence Length	1

Processes

Process	Count
Process 2 (System, PID: 4)	2
Process 3 (smss.exe, PID: 252)	10
Process 14 (svchost.exe, PID: 592)	1
Process 6 (csrss.exe, PID: 324)	1

Sequence

Symbol	Parameters
IdePortDispatchPnp	ret_val_out = 0x0

Execution Path #10 (length: 1, count: 2, processes: 1)

Information	Value
Sequence Length	1

Processes

Process	Count
Process 2 (System, PID: 4)	2

Sequence

Symbol	Parameters
IdePortDispatchSystemControl	ret_val_out = 0xc0000001

Execution Path #24 (length: 17, count: 14, processes: 1)

Information	Value
Sequence Length	17

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	14

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b22c0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daff0, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80034ef270
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0

Execution Path #25 (length: 6, count: 7115, processes: 2)

Information	Value
Sequence Length	6

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	7089
Process 28 (ping.exe, PID: 1292)	26

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
FsRtlProcessFileLock	FileLock_unk = 0xfffffa80027daff0, Irp_unk = 0xfffffa80034e8010, Context_ptr = 0x0, ret_val_unk_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion

Execution Path #26 (length: 13, count: 3545, processes: 2)

Information	Value
Sequence Length	13

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	3532
Process 28 (ping.exe, PID: 1292)	13

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b2620
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0

Execution Path #27 (length: 20, count: 3530, processes: 2)

Information	Value
Sequence Length	20

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	3517
Process 28 (ping.exe, PID: 1292)	13

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88002c84000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b25d0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b25d0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0

Execution Path #28 (length: 8, count: 3560, processes: 2)

Information	Value
Sequence Length	8

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	3544
Process 28 (ping.exe, PID: 1292)	16

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoGetRequestorProcess	Irp_unk = 0xfffffa80034e8010, ret_val_unk_out = 0xfffffa80034fca60
FsRtlFastUnlockAll	FileLock_unk = 0xfffffa80027daff0, FileObject_unk = 0xfffffa80036a0070, ProcessId_unk = 0xfffffa80034fca60, Context_ptr = 0x0, ret_val_unk_out = 0xc000007e
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0

Execution Path #29 (length: 7, count: 3560, processes: 2)

Information	Value
Sequence Length	7

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	3544
Process 28 (ping.exe, PID: 1292)	16

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
ExFreePoolWithTag	P_ptr = 0xfffffa80034ef270, Tag = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0

Execution Path #30 (length: 32, count: 2, processes: 1)

Information	Value
Sequence Length	32

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	2

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff88002c9e056
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1270, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b2580
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b2580
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b2550
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1270, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003648530
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003648530, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003648530
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b25f0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0

Execution Path #31 (length: 37, count: 3, processes: 2)

Information	Value
Sequence Length	37

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	2
Process 28 (ping.exe, PID: 1292)	1

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1270, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b2630
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b2630
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b2630
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b2600
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1270, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b26a0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0

Execution Path #32 (length: 27, count: 1376, processes: 1)

Information	Value
Sequence Length	27

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	1376

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\lsash.xp, ret_val_out = 17
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800cbf0920
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800cbf0920, Irp_unk_out = 0xfffffa800cbf0920, ret_val_unk_out = 0xfffffa8003655930
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003655930, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003655930
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b22c0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -9
_strnicmp	_Str1 = mbr, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = ldr16, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -15
_strnicmp	_Str1 = ldr32, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -15
_strnicmp	_Str1 = ldr64, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -15
_strnicmp	_Str1 = drv32, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = drv64, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd.dll, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -9
_strnicmp	_Str1 = cmd64.dll, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -9
_strnicmp	_Str1 = bckfg.tmp, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -10
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80034e8010, PriorityBoost = 0

Execution Path #45 (length: 18, count: 3530, processes: 2)

Information	Value
Sequence Length	18

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	3517
Process 28 (ping.exe, PID: 1292)	13

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003874560
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003874560, Irp_unk_out = 0xfffffa8003874560, ret_val_unk_out = 0xfffffa8003239bb0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003239bb0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003239bb0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b22c0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daf78, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa800d5f7ef0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003828ee0, PriorityBoost = 0

Execution Path #52 (length: 26, count: 1, processes: 1)

Information	Value
Sequence Length	26

Processes

Process	Count
Process 28 (ping.exe, PID: 1292)	1

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa80038a5e40, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff8800356d1ae
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1270, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880027da580
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880027da580
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800389fd60
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800389fd60, Irp_unk_out = 0xfffffa800389fd60, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880027da550
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8003671350, PriorityBoost = 0

Execution Path #55 (length: 27, count: 3, processes: 1)

Information	Value
Sequence Length	27

Processes

Process	Count
Process 28 (ping.exe, PID: 1292)	3

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\bckfg.tmp, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800393ec30
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800393ec30, Irp_unk_out = 0xfffffa800393ec30, ret_val_unk_out = 0xfffffa80038277e0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038277e0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038277e0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880027da2c0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = mbr, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 11
_strnicmp	_Str1 = ldr16, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr32, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr64, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = drv32, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 2
_strnicmp	_Str1 = drv64, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 2
_strnicmp	_Str1 = cmd.dll, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd64.dll, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = bckfg.tmp, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd.dll, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd64.dll, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 1
strncpy	_Source = bckfg.tmp, _Count = 0x10, _Dest_out = bckfg.tmp, ret_val_out = bckfg.tmp
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daf78, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80037b0300
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80028a3850, PriorityBoost = 0

Execution Path #56 (length: 22, count: 2, processes: 1)

Information	Value
Sequence Length	22

Processes

Process	Count
Process 28 (ping.exe, PID: 1292)	2

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\bckfg.tmp, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800393ec30
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800393ec30, Irp_unk_out = 0xfffffa800393ec30, ret_val_unk_out = 0xfffffa80038277e0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038277e0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038277e0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880027da620
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = mbr, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 11
_strnicmp	_Str1 = ldr16, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr32, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr64, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = drv32, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 2
_strnicmp	_Str1 = drv64, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 2
_strnicmp	_Str1 = cmd.dll, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd64.dll, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = bckfg.tmp, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80028a3850, PriorityBoost = 0

Execution Path #57 (length: 35, count: 1, processes: 1)

Information	Value
Sequence Length	35

Processes

Process	Count
Process 28 (ping.exe, PID: 1292)	1

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\bckfg.tmp, ret_val_out = 18
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa80038277e0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000010, ret_val_ptr_out = 0xfffff88000bc6350
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800393ec30
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800393ec30, Irp_unk_out = 0xfffffa800393ec30, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880027da5d0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = mbr, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 11
_strnicmp	_Str1 = ldr16, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr32, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = ldr64, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 10
_strnicmp	_Str1 = drv32, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 2
_strnicmp	_Str1 = drv64, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 2
_strnicmp	_Str1 = cmd.dll, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = cmd64.dll, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = bckfg.tmp, _Str = bckfg.tmp, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800393ec30
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800393ec30, Irp_unk_out = 0xfffffa800393ec30, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880027da5d0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa800393ec30
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa800393ec30, Irp_unk_out = 0xfffffa800393ec30, ret_val_unk_out = 0xfffffa80038a5010
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa80038a5010, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa80038a5010
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880027da5d0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80028a3850, PriorityBoost = 0

Execution Path #58 (length: 12, count: 12, processes: 1)

Information	Value
Sequence Length	12

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	12

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80039d7d20
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80039d7d20, Irp_unk_out = 0xfffffa80039d7d20, ret_val_unk_out = 0xfffffa8003b87f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003b87f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003b87f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b2620
IdePortDispatch	ret_val_out = 0x103
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8007ffba30, PriorityBoost = 0

Execution Path #59 (length: 19, count: 13, processes: 1)

Information	Value
Sequence Length	19

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	13

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003b87f40, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88000b21000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80039d7d20
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80039d7d20, Irp_unk_out = 0xfffffa80039d7d20, ret_val_unk_out = 0xfffffa8003baf190
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003baf190, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003baf190
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b25d0
IdePortDispatch	ret_val_out = 0x103
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80039d7d20
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80039d7d20, Irp_unk_out = 0xfffffa80039d7d20, ret_val_unk_out = 0xfffffa8003baf190
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003baf190, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003baf190
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b25d0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8007ffba30, PriorityBoost = 0

Execution Path #60 (length: 26, count: 3, processes: 1)

Information	Value
Sequence Length	26

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	3

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\lsash.xp, ret_val_out = 17
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003aa6e20
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003aa6e20, Irp_unk_out = 0xfffffa8003aa6e20, ret_val_unk_out = 0xfffffa8003b87f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003b87f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003b87f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b22c0
IdePortDispatch	ret_val_out = 0x103
_strnicmp	_Str1 = cfg.ini, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -9
_strnicmp	_Str1 = mbr, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = ldr16, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -15
_strnicmp	_Str1 = ldr32, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -15
_strnicmp	_Str1 = ldr64, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -15
_strnicmp	_Str1 = drv32, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = drv64, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd.dll, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -9
_strnicmp	_Str1 = cmd64.dll, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -9
_strnicmp	_Str1 = bckfg.tmp, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -10
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80039d7d20, PriorityBoost = 0

Execution Path #61 (length: 17, count: 14, processes: 1)

Information	Value
Sequence Length	17

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	14

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003aa6e20
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003aa6e20, Irp_unk_out = 0xfffffa8003aa6e20, ret_val_unk_out = 0xfffffa8003b87f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003b87f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003b87f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028da2c0
IdePortDispatch	ret_val_out = 0x103
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
_strnicmp	_Str1 = cmd.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
_strnicmp	_Str1 = cmd64.dll, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 7
strncpy	_Source = cfg.ini, _Count = 0x10, _Dest_out = cfg.ini, ret_val_out = cfg.ini
FsRtlInitializeFileLock	FileLock_unk = 0xfffffa80027daf78, CompleteLockIrpRoutine_unk = 0x0, UnlockRoutine_unk = 0x0
FsRtlAllocatePool	PoolType_unk = 0x0, NumberOfBytes = 0x50, ret_val_ptr_out = 0xfffffa80039d78b0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80039d7d20, PriorityBoost = 0

Execution Path #62 (length: 19, count: 13, processes: 1)

Information	Value
Sequence Length	19

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	13

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003baf190, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88002d5c000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003aa6e20
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003aa6e20, Irp_unk_out = 0xfffffa8003aa6e20, ret_val_unk_out = 0xfffffa8003b87f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003b87f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003b87f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028cc5d0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003aa6e20
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003aa6e20, Irp_unk_out = 0xfffffa8003aa6e20, ret_val_unk_out = 0xfffffa8003b87f40
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003b87f40, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003b87f40
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028cc5d0
IdePortDispatch	ret_val_out = 0x103
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80039d7d20, PriorityBoost = 0

Execution Path #63 (length: 12, count: 1, processes: 1)

Information	Value
Sequence Length	12

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	1

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003aa6e20
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003aa6e20, Irp_unk_out = 0xfffffa8003aa6e20, ret_val_unk_out = 0xfffffa8003baf190
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003baf190, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003baf190
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b2620
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
ExReleaseFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IofCompleteRequest	Irp_unk = 0xfffffa80039d7d20, PriorityBoost = 0

Execution Path #64 (length: 19, count: 1, processes: 1)

Information	Value
Sequence Length	19

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	1

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003b863b0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88002c61000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003aa6e20
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003aa6e20, Irp_unk_out = 0xfffffa8003aa6e20, ret_val_unk_out = 0xfffffa8003aab1d0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003aab1d0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003aab1d0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b25d0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8003aa6e20
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8003aa6e20, Irp_unk_out = 0xfffffa8003aa6e20, ret_val_unk_out = 0xfffffa8003aab1d0
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003aab1d0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003aab1d0
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b25d0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa80039d7d20, PriorityBoost = 0

Execution Path #65 (length: 26, count: 1, processes: 1)

Information	Value
Sequence Length	26

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	1

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\lsash.xp, ret_val_out = 17
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa80039d7d20
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa80039d7d20, Irp_unk_out = 0xfffffa80039d7d20, ret_val_unk_out = 0xfffffa8003baf190
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003baf190, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003baf190
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028b22c0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -9
_strnicmp	_Str1 = mbr, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = 1
_strnicmp	_Str1 = ldr16, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -15
_strnicmp	_Str1 = ldr32, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -15
_strnicmp	_Str1 = ldr64, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -15
_strnicmp	_Str1 = drv32, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = drv64, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -8
_strnicmp	_Str1 = cmd.dll, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -9
_strnicmp	_Str1 = cmd64.dll, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -9
_strnicmp	_Str1 = bckfg.tmp, _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -10
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
_strnicmp	_Str1 = , _Str = lsash.xp, _MaxCount = 0x10, ret_val_out = -108
KeLeaveCriticalRegion
IofCompleteRequest	Irp_unk = 0xfffffa8007ffba30, PriorityBoost = 0

Execution Path #67 (length: 17, count: 1, processes: 1 incomplete)

Information	Value
Sequence Length	17

Processes

Process	Count
Process 19 (svchost.exe, PID: 884)	1

Sequence

Symbol	Parameters
_snprintf	_Count = 0x103, _Format = %.*S, _Dest_out = 0d24eb7c\cfg.ini, ret_val_out = 16
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe	FastMutex_unk = 0xfffffa80027d3898, FastMutex_unk_out = 0xfffffa80027d3898
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa8003b863b0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff880034c6000
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8007ffba30
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8007ffba30, Irp_unk_out = 0xfffffa8007ffba30, ret_val_unk_out = 0xfffffa8003baf190
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003baf190, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003baf190
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028da5d0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject	ret_val_out = 0x0
_strnicmp	_Str1 = cfg.ini, _Str = cfg.ini, _MaxCount = 0x10, ret_val_out = 0
IoAllocateIrp	StackSize = 1, ChargeQuota = 0, ret_val_unk_out = 0xfffffa8007ffba30
IoAllocateMdl	VirtualAddress_ptr = 0xfffffa80027d1670, Length = 0x200, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0xfffffa8007ffba30, Irp_unk_out = 0xfffffa8007ffba30, ret_val_unk_out = 0xfffffa8003baf190
MmProbeAndLockPages	MemoryDescriptorList_unk = 0xfffffa8003baf190, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8003baf190
KeInitializeEvent	Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff880028da5d0
IdePortDispatch	ret_val_out = 0x103
KeWaitForMutexObject

Kernel Graph 3

Code Block #10 ( EP #18)

Information	Value
Trigger	unknown_0xfffffa80027ca000+0x896
Start Address	0xfffff800028f27a0

Execution Path #18 (length: 1, count: 3, processes: 2)

Information	Value
Sequence Length	1

Processes

Process	Count
Process 8 (wininit.exe, PID: 372)	1
Process 28 (ping.exe, PID: 1292)	2

Sequence

Symbol	Parameters
MmMapLockedPagesSpecifyCache	MemoryDescriptorList_unk = 0xfffffa800c1b4440, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff80000000000, ret_val_ptr_out = 0xfffff880035a5000