Virtualization & Automation: How to troubleshoot a "STOP 0xC000021A" error

The STOP 0xC000021A error occurs when either Winlogon.exe or Csrss.exe fails. When the Windows NT kernel detects that either of these processes has stopped, it stops the system and raises the STOP 0xC000021A error. Error may have several causes. Few are given below.

Mismatched system files have been installed.
A Service Pack installation has failed.
A backup program that is used to restore a hard disk did not correctly restore files that may have been in use.
An incompatible third-party program has been installed.

To troubleshoot the issue, Set up Dr. Watson to trap user-mode program errors, follow these steps:

At a command prompt, type System Root\System32\Drwtsn32.exe -I, and then press ENTER.

This command configures Dr. Watson as the default system debugger.
At a command prompt, type System Root\System32\Drwtsn32.exe, and then select the following options:
Append to existing log file
Create crash dump
Visual Notification

After the computer restarts from the STOP 0xC000021A error, run Dr. Watson (Drwtsn32.exe).
Now we have an Dr. Watson log.
Open the log file and Read Till end.

Microsoft (R) DrWtsn32
Copyright (C) 1985-2002 Microsoft Corp. All rights reserved.

Application exception occurred:
        App: C:\WINDOWS\system32\winlogon.exe (pid=428)
        When: 17-May-12 @ 12:42:01.250
        Exception number: c0000096 (privileged instruction)
*----> System Information <----*
        Computer Name: TERMINAL-P
        User Name: SYSTEM
        Terminal Session Id: 0
        Number of Processors: 4
        Processor Type: x86 Family 15 Model 4 Stepping 1
        Windows Version: 5.2
        Current Build: 3790
        Service Pack: 2
        Current Type: Multiprocessor Free
        Registered Organization:
        Registered Owner: smil
*----> Task List <----*
   0 System Process
   4 System
344 smss.exe
404 Error 0xD0000022
428 winlogon.exe
476 services.exe
488 lsass.exe
644 svchost.exe
728 Error 0xD0000022
800 Error 0xD0000022
848 Error 0xD0000022
864 svchost.exe
1000 spoolsv.exe
1032 Error 0xD0000022
1200 svchost.exe
1236 EngineServer.exe
1264 FrameworkService.exe
1392 VsTskMgr.exe
1428 mfevtps.exe
1476 Error 0xD0000022
1500 CNAB4RPK.EXE
1508 Error 0xD0000022
1536 Error 0xD0000022
1608 snmp.exe
1676 lserver.exe
1756 naPrdMgr.exe
1868 cpqnimgt.exe
1944 cqmgserv.exe
1964 cqmgstor.exe
2000 Mcshield.exe
2232 sysdown.exe
2248 Error 0xD0000022
2260 wmiprvse.exe
2408 cqmghost.exe
2856 svchost.exe
2900 Error 0xD0000022
3136 svchost.exe
3440 drwtsn32.exe
*----> Module List <----*
0000000001000000 - 0000000001087000: C:\WINDOWS\system32\winlogon.exe
0000000001350000 - 0000000001615000: C:\WINDOWS\system32\xpsp2res.dll
0000000010000000 - 000000001000b000: C:\WINDOWS\system32\VMUpgradeAtShutdownWXP.dll
0000000041000000 - 0000000041079000: C:\WINDOWS\system32\TPSvc.dll
000000004dc30000 - 000000004dc5e000: C:\WINDOWS\system32\msctfime.ime
000000005a120000 - 000000005a128000: C:\WINDOWS\system32\dimsntfy.dll
000000005ca40000 - 000000005ca48000: C:\WINDOWS\system32\sclgntfy.dll
000000005f120000 - 000000005f12e000: C:\WINDOWS\System32\ntlanman.dll
000000005f860000 - 000000005f891000: C:\WINDOWS\System32\NETUI1.dll
000000005f8a0000 - 000000005f8b6000: C:\WINDOWS\System32\NETUI0.dll
0000000068000000 - 0000000068035000: C:\WINDOWS\system32\rsaenh.dll
0000000069390000 - 00000000693bf000: C:\WINDOWS\system32\WBEM\framedyn.dll
0000000071b70000 - 0000000071ba6000: C:\WINDOWS\system32\UxTheme.dll
0000000071bd0000 - 0000000071be1000: C:\WINDOWS\system32\MPR.dll
0000000071bf0000 - 0000000071bf8000: C:\WINDOWS\system32\WS2HELP.dll
0000000071c00000 - 0000000071c17000: C:\WINDOWS\system32\WS2_32.dll
0000000071c20000 - 0000000071c32000: C:\WINDOWS\system32\tsappcmp.dll
0000000071c40000 - 0000000071c97000: C:\WINDOWS\system32\NETAPI32.dll
00000000722f0000 - 00000000722f5000: C:\WINDOWS\system32\SensApi.dll
0000000072430000 - 000000007244b000: C:\WINDOWS\system32\WINSCARD.DLL
0000000073070000 - 0000000073097000: C:\WINDOWS\system32\WINSPOOL.DRV
0000000073ca0000 - 0000000073cb2000: C:\WINDOWS\system32\cryptnet.dll
0000000075800000 - 0000000075809000: C:\WINDOWS\system32\PROFMAP.dll
0000000075810000 - 0000000075818000: C:\WINDOWS\system32\NDdeApi.dll
0000000075820000 - 000000007583b000: C:\WINDOWS\system32\WlNotify.dll
0000000075840000 - 000000007596c000: C:\WINDOWS\system32\MSGINA.dll
0000000075da0000 - 0000000075e5d000: C:\WINDOWS\system32\sxs.dll
0000000075e60000 - 0000000075e87000: C:\WINDOWS\system32\apphelp.dll
0000000075e90000 - 0000000075e97000: C:\WINDOWS\System32\drprov.dll
0000000075ea0000 - 0000000075eaa000: C:\WINDOWS\System32\davclnt.dll
0000000076190000 - 00000000761a2000: C:\WINDOWS\system32\MSASN1.dll
00000000761b0000 - 0000000076243000: C:\WINDOWS\system32\CRYPT32.dll
0000000076290000 - 00000000762ad000: C:\WINDOWS\system32\IMM32.DLL
00000000762b0000 - 00000000762f9000: C:\WINDOWS\system32\comdlg32.dll
0000000076520000 - 000000007653d000: C:\WINDOWS\system32\cscdll.dll
0000000076920000 - 00000000769e2000: C:\WINDOWS\system32\USERENV.dll
0000000076aa0000 - 0000000076acd000: C:\WINDOWS\system32\WINMM.dll
0000000076b10000 - 0000000076b15000: C:\WINDOWS\system32\sfc.dll
0000000076b40000 - 0000000076b63000: C:\WINDOWS\system32\SHSVCS.dll
0000000076b70000 - 0000000076b7b000: C:\WINDOWS\system32\PSAPI.DLL
0000000076bb0000 - 0000000076bdb000: C:\WINDOWS\system32\WINTRUST.dll
0000000076be0000 - 0000000076c0b000: C:\WINDOWS\system32\sfc_os.dll
0000000076c10000 - 0000000076c38000: C:\WINDOWS\system32\imagehlp.dll
0000000076c40000 - 0000000076c54000: C:\WINDOWS\system32\AUTHZ.dll
0000000076c90000 - 0000000076cb7000: C:\WINDOWS\system32\msv1_0.dll
0000000076cf0000 - 0000000076d0a000: C:\WINDOWS\system32\iphlpapi.dll
0000000076e30000 - 0000000076e3c000: C:\WINDOWS\system32\rtutils.dll
0000000076e40000 - 0000000076e52000: C:\WINDOWS\system32\rasman.dll
0000000076e60000 - 0000000076e8f000: C:\WINDOWS\system32\TAPI32.dll
0000000076e90000 - 0000000076ecf000: C:\WINDOWS\system32\RASAPI32.dll
0000000076f00000 - 0000000076f08000: C:\WINDOWS\system32\WTSAPI32.dll
0000000076f10000 - 0000000076f3e000: C:\WINDOWS\system32\wldap32.dll
0000000076f50000 - 0000000076f63000: C:\WINDOWS\system32\Secur32.dll
0000000077010000 - 00000000770d6000: C:\WINDOWS\system32\COMRes.dll
00000000770e0000 - 00000000771e8000: C:\WINDOWS\system32\SETUPAPI.dll
00000000771f0000 - 0000000077201000: C:\WINDOWS\system32\WINSTA.dll
0000000077380000 - 0000000077411000: C:\WINDOWS\system32\USER32.dll
0000000077420000 - 0000000077523000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\Comctl32.dll
0000000077530000 - 00000000775c7000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.4770_x-ww_A689AB02\COMCTL32.dll
0000000077670000 - 00000000777a9000: C:\WINDOWS\system32\ole32.dll
00000000777b0000 - 0000000077833000: C:\WINDOWS\system32\CLBCatQ.DLL
0000000077910000 - 0000000077921000: C:\WINDOWS\system32\REGAPI.dll
0000000077b90000 - 0000000077b98000: C:\WINDOWS\system32\VERSION.dll
0000000077ba0000 - 0000000077bfa000: C:\WINDOWS\system32\msvcrt.dll
0000000077c00000 - 0000000077c48000: C:\WINDOWS\system32\GDI32.dll
0000000077c50000 - 0000000077cef000: C:\WINDOWS\system32\RPCRT4.dll
0000000077d00000 - 0000000077d8b000: C:\WINDOWS\system32\OLEAUT32.dll
0000000077da0000 - 0000000077df2000: C:\WINDOWS\system32\SHLWAPI.dll
0000000077e00000 - 0000000077e21000: C:\WINDOWS\system32\NTMARTA.DLL
0000000077e40000 - 0000000077f42000: C:\WINDOWS\system32\kernel32.dll
0000000077f50000 - 0000000077feb000: C:\WINDOWS\system32\ADVAPI32.dll
0000000078130000 - 00000000781cb000: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262B86\MSVCR80.dll
000000007c800000 - 000000007c8c0000: C:\WINDOWS\system32\ntdll.dll
000000007c8d0000 - 000000007d0ce000: C:\WINDOWS\system32\shell32.dll
000000007e020000 - 000000007e02f000: C:\WINDOWS\system32\SAMLIB.dll
*----> State Dump for Thread Id 0x1b0 <----*
eax=00000000 ebx=00c31a28 ecx=0006f714 edx=00c4af9c esi=0000015c edi=00000000
eip=7c8285ec esp=0006fdcc ebp=0006fe3c iopl=0         nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000297
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\system32\winlogon.exe
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0006fe3c 77e61c8d 0000015c 00001388 00000000 ntdll!KiFastSystemCallRet
0006fe50 01039308 0000015c 00001388 00000000 kernel32!WaitForSingleObject+0x12
0006fe78 01020293 0007aa18 00000003 00000000 winlogon+0x39308
0006fe94 010206bd 0007aa18 0000000b 00000002 winlogon+0x20293
0006fee0 010380ec 0007aa18 0000000b 77e62f9d winlogon+0x206bd
0006ff08 01031b33 0007aa18 ffffffff 00000004 winlogon+0x380ec
0006ff50 0103e33b 0007aa18 00000000 000724e4 winlogon+0x31b33
0006fff4 00000000 7ffd8000 000000c8 00000138 winlogon+0x3e33b
*----> Raw Stack Dump <----*
000000000006fdcc 0b 7d 82 7c 1e 1d e6 77 - 5c 01 00 00 00 00 00 00 .}.|...w\.......
000000000006fddc 10 fe 06 00 05 00 00 00 - c8 22 08 00 28 1a c3 00 ........."..(...
000000000006fdec 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $...............
000000000006fdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000006fe0c 00 00 00 00 80 0f 05 fd - ff ff ff ff 00 80 fd 7f ................
000000000006fe1c 10 fe 06 00 02 01 00 00 - e0 fd 06 00 00 00 00 00 ................
000000000006fe2c d0 fe 06 00 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ....`..wH..w....
000000000006fe3c 50 fe 06 00 8d 1c e6 77 - 5c 01 00 00 88 13 00 00 P......w\.......
000000000006fe4c 00 00 00 00 78 fe 06 00 - 08 93 03 01 5c 01 00 00 ....x.......\...
000000000006fe5c 88 13 00 00 00 00 00 00 - 00 00 00 00 18 aa 07 00 ................
000000000006fe6c a0 0b 00 00 08 00 00 00 - 5c 01 00 00 94 fe 06 00 ........\.......
000000000006fe7c 93 02 02 01 18 aa 07 00 - 03 00 00 00 00 00 00 00 ................
000000000006fe8c 18 aa 07 00 01 00 00 00 - e0 fe 06 00 bd 06 02 01 ................
000000000006fe9c 18 aa 07 00 0b 00 00 00 - 02 00 00 00 18 aa 07 00 ................
000000000006feac 00 00 00 00 00 00 00 00 - 00 00 00 00 3c 0c 00 00 ............<...
000000000006febc e0 be 07 00 58 01 00 00 - 01 00 00 00 a4 fe 06 00 ....X...........
000000000006fecc e0 fe 06 00 e4 ff 06 00 - ff e3 03 01 40 26 01 01 ............@&..
000000000006fedc ff ff ff ff 08 ff 06 00 - ec 80 03 01 18 aa 07 00 ................
000000000006feec 0b 00 00 00 9d 2f e6 77 - 04 20 e4 77 00 00 00 00 ...../.w. .w....
000000000006fefc 00 00 00 00 0b 00 00 00 - 00 02 00 00 50 ff 06 00 ............P...
*----> State Dump for Thread Id 0x1c8 <----*
eax=0079fd4c ebx=00c237b8 ecx=0079fd24 edx=7c8285ec esi=00082f80 edi=00000000
eip=7c8285ec esp=0079fe1c ebp=0079ff84 iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0079ff84 77c88792 0079ffac 77c8872d 00082f80 ntdll!KiFastSystemCallRet
0079ff8c 77c8872d 00082f80 00000000 00000000 RPCRT4!I_RpcFree+0xbd0
0079ffac 77c7b110 00082b18 0079ffec 77e64829 RPCRT4!I_RpcFree+0xb6b
0079ffb8 77e64829 0007cb60 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba
0079ffec 00000000 77c7b0f5 0007cb60 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
000000000079fe1c 3b 78 82 7c ac 85 c8 77 - 90 01 00 00 74 ff 79 00 ;x.|...w....t.y.
000000000079fe2c 38 fe 79 00 b8 37 c2 00 - 54 ff 79 00 44 00 5c 00 8.y..7..T.y.D.\.
000000000079fe3c 00 00 00 00 60 03 00 00 - a4 03 00 00 70 55 00 00 ....`.......pU..
000000000079fe4c 00 00 00 00 02 78 00 00 - 01 00 00 00 00 d0 b0 00 .....x..........
000000000079fe5c c2 78 00 00 b7 bf 00 00 - 00 e0 b0 00 c2 78 00 00 .x...........x..
000000000079fe6c b8 bf 00 00 00 00 00 00 - dd 04 00 00 00 00 00 00 ................
000000000079fe7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 10 b1 00 ................
000000000079fe8c c2 78 00 00 bb bf 00 00 - 00 20 b1 00 c2 78 00 00 .x....... ...x..
000000000079fe9c bc bf 00 00 00 30 b1 00 - c2 78 00 00 bd bf 00 00 .....0...x......
000000000079feac 00 40 b1 00 c2 78 00 00 - be bf 00 00 00 50 b1 00 .@...x.......P..
000000000079febc c2 78 00 00 bf bf 00 00 - 00 60 b1 00 00 00 00 00 .x.......`......
000000000079fecc ae 01 a8 80 00 00 00 00 - 00 00 00 00 02 02 08 00 ................
000000000079fedc e0 1b 4b f6 d9 03 a8 80 - 02 00 00 00 00 00 00 00 ..K.............
000000000079feec f4 03 a8 80 00 00 00 00 - 02 00 00 00 f0 1b 4b f6 ..............K.
000000000079fefc 56 04 a8 80 00 00 00 00 - 00 00 00 00 1c 1c 4b f6 V.............K.
000000000079ff0c c7 d5 83 80 88 51 25 8a - 30 52 25 8a 03 00 00 00 .....Q%.0R%.....
000000000079ff1c 88 51 25 8a 03 00 00 00 - ff ff ff ff 03 00 00 00 .Q%.............
000000000079ff2c 7c fa 73 f7 84 ff 79 00 - a6 84 c8 77 4c ff 79 00 |.s...y....wL.y.
000000000079ff3c b6 84 c8 77 ab a3 81 7c - 48 31 08 00 60 cb 07 00 ...w...|H1..`...
000000000079ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[.....
*----> State Dump for Thread Id 0x1cc <----*
eax=77c7b0f5 ebx=00082ba4 ecx=00000000 edx=00000000 esi=00083710 edi=7c81a3ab
eip=7c8285ec esp=007dff74 ebp=007dff8c iopl=0         nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000286
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
007dff8c 77c88768 00015f90 00000000 00000000 ntdll!KiFastSystemCallRet
007dffac 77c7b110 00082b18 007dffec 77e64829 RPCRT4!I_RpcFree+0xba6
007dffb8 77e64829 00083738 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba
007dffec 00000000 77c7b0f5 00083738 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
00000000007dff74 4b 6f 82 7c 4c 88 c8 77 - 01 00 00 00 84 ff 7d 00 Ko.|L..w......}.
00000000007dff84 00 17 5b ca ff ff ff ff - ac ff 7d 00 68 87 c8 77 ..[.......}.h..w
00000000007dff94 90 5f 01 00 00 00 00 00 - 00 00 00 00 38 37 08 00 ._..........87..
00000000007dffa4 38 37 08 00 90 5f 01 00 - b8 ff 7d 00 10 b1 c7 77 87..._....}....w
00000000007dffb4 18 2b 08 00 ec ff 7d 00 - 29 48 e6 77 38 37 08 00 .+....}.)H.w87..
00000000007dffc4 00 00 00 00 00 00 00 00 - 38 37 08 00 00 00 00 00 ........87......
00000000007dffd4 c4 ff 7d 00 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..}.].......`..w
00000000007dffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............
00000000007dfff4 f5 b0 c7 77 38 37 08 00 - 00 00 00 00 00 00 00 00 ...w87..........
00000000007e0004 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000007e0014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000007e0024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000007e0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000007e0044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000007e0054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000007e0064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000007e0074 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000007e0084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000007e0094 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000007e00a4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
*----> State Dump for Thread Id 0x1d0 <----*
eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=7c8285ec esp=0081ffa0 ebp=0081ffb8 iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0081ffb8 77e64829 00000000 00000000 00000000 ntdll!KiFastSystemCallRet
0081ffec 00000000 7c83d3dd 00000000 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
000000000081ffa0 4b 6f 82 7c 24 d4 83 7c - 01 00 00 00 b0 ff 81 00 Ko.|$..|........
000000000081ffb0 00 00 00 00 00 00 00 80 - ec ff 81 00 29 48 e6 77 ............)H.w
000000000081ffc0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000081ffd0 00 00 00 00 c4 ff 81 00 - 5d 06 85 80 ff ff ff ff ........].......
000000000081ffe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........
000000000081fff0 00 00 00 00 dd d3 83 7c - 00 00 00 00 00 00 00 00 .......|........
0000000000820000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000820010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000820020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000820030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000820040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000820050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000820060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000820070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000820080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000820090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008200a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008200b0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008200c0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008200d0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
*----> State Dump for Thread Id 0x1d8 <----*
eax=77c7b0f5 ebx=00015f90 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=7c8285ec esp=008afeb0 ebp=008afedc iopl=0         nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000297
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
008afedc 77c7b900 000001b4 008aff14 008aff04 ntdll!KiFastSystemCallRet
008aff18 77c7b703 00015f90 008aff6c 008aff70 RPCRT4!NdrFullPointerInsertRefId+0xbaa
008aff84 77c7b9b5 008affac 77c8872d 00084af8 RPCRT4!NdrFullPointerInsertRefId+0x9ad
008aff8c 77c8872d 00084af8 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0xc5f
008affac 77c7b110 00082b18 008affec 77e64829 RPCRT4!I_RpcFree+0xb6b
008affb8 77e64829 00085458 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba
008affec 00000000 77c7b0f5 00085458 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
00000000008afeb0 db 77 82 7c a2 be e5 77 - b4 01 00 00 04 ff 8a 00 .w.|...w........
00000000008afec0 f4 fe 8a 00 d4 fe 8a 00 - cc fe 8a 00 00 17 5b ca ..............[.
00000000008afed0 ff ff ff ff 00 00 00 00 - 93 99 00 00 18 ff 8a 00 ................
00000000008afee0 00 b9 c7 77 b4 01 00 00 - 14 ff 8a 00 04 ff 8a 00 ...w............
00000000008afef0 0c ff 8a 00 90 5f 01 00 - 00 00 00 00 f8 4a 08 00 ....._.......J..
00000000008aff00 80 16 e6 77 58 54 08 00 - b4 01 00 00 f8 4a 08 00 ...wXT.......J..
00000000008aff10 c0 00 75 00 c0 00 75 00 - 84 ff 8a 00 03 b7 c7 77 ..u...u........w
00000000008aff20 90 5f 01 00 6c ff 8a 00 - 70 ff 8a 00 7c ff 8a 00 ._..l...p...|...
00000000008aff30 64 ff 8a 00 68 ff 8a 00 - 78 ff 8a 00 58 54 08 00 d...h...x...XT..
00000000008aff40 ab a3 81 7c 30 54 08 00 - 58 54 08 00 b4 01 00 00 ...|0T..XT......
00000000008aff50 00 00 00 00 01 00 00 00 - 00 00 00 00 01 00 00 00 ................
00000000008aff60 00 00 00 00 93 99 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008aff70 00 00 00 00 90 5f 01 00 - 00 00 00 00 b4 01 00 00 ....._..........
00000000008aff80 c0 00 75 00 8c ff 8a 00 - b5 b9 c7 77 ac ff 8a 00 ..u........w....
00000000008aff90 2d 87 c8 77 f8 4a 08 00 - 00 00 00 00 00 00 00 00 -..w.J..........
00000000008affa0 58 54 08 00 58 54 08 00 - 00 70 fd 7f b8 ff 8a 00 XT..XT...p......
00000000008affb0 10 b1 c7 77 18 2b 08 00 - ec ff 8a 00 29 48 e6 77 ...w.+......)H.w
00000000008affc0 58 54 08 00 00 00 00 00 - 00 00 00 00 58 54 08 00 XT..........XT..
00000000008affd0 00 00 00 00 c4 ff 8a 00 - 5d 06 85 80 ff ff ff ff ........].......
00000000008affe0 60 1a e6 77 30 48 e6 77 - 00 00 00 00 00 00 00 00 `..w0H.w........
*----> State Dump for Thread Id 0x1e4 <----*
eax=000000c0 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000001
eip=7c8285ec esp=008efcf0 ebp=008effb8 iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
008effb8 77e64829 00000000 00000000 00000000 ntdll!KiFastSystemCallRet
008effec 00000000 7c83c643 00000000 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
00000000008efcf0 fb 7c 82 7c 8e c7 83 7c - 08 00 00 00 34 fd 8e 00 .|.|...|....4...
00000000008efd00 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008efd10 00 00 00 00 00 00 00 00 - 88 96 88 7c 88 96 88 7c ...........|...|
00000000008efd20 fc 01 00 00 e4 01 00 00 - 08 00 00 00 08 00 00 00 ................
00000000008efd30 07 00 00 00 ec 01 00 00 - f4 01 00 00 04 02 00 00 ................
00000000008efd40 68 02 00 00 94 06 00 00 - 9c 06 00 00 b4 02 00 00 h...............
00000000008efd50 8c 06 00 00 8c 06 00 00 - 50 08 00 00 3c 08 00 00 ........P...<...
00000000008efd60 3c 08 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 <...............
00000000008efd70 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008efd80 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008efd90 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008efda0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008efdb0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008efdc0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008efdd0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008efde0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008efdf0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008efe00 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008efe10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000008efe20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
*----> State Dump for Thread Id 0x298 <----*
eax=00b60000 ebx=00000003 ecx=0092f75c edx=00001000 esi=76be2978 edi=00000000
eip=7c8285ec esp=0092ff68 ebp=0092ffb8 iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0092ffb8 77e64829 00000000 00000000 00000000 ntdll!KiFastSystemCallRet
0092ffec 00000000 76becac1 00000000 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
000000000092ff68 fb 7c 82 7c 84 ce be 76 - 03 00 00 00 f0 75 11 00 .|.|...v.....u..
000000000092ff78 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000092ff88 00 00 00 00 00 00 00 00 - 28 8f 11 00 ac a6 14 00 ........(.......
000000000092ff98 a4 a6 14 00 f0 75 11 00 - 80 a6 14 00 00 00 00 00 .....u..........
000000000092ffa8 b8 d8 b9 00 20 8f 11 00 - 88 cc b9 00 03 00 00 00 .... ...........
000000000092ffb8 ec ff 92 00 29 48 e6 77 - 00 00 00 00 00 00 00 00 ....)H.w........
000000000092ffc8 00 00 00 00 00 00 00 00 - 00 00 00 00 c4 ff 92 00 ................
000000000092ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w
000000000092ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 c1 ca be 76 ...............v
000000000092fff8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000930008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000930018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000930028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000930038 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000930048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000930058 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000930068 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000930078 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000930088 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000930098 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
*----> State Dump for Thread Id 0x29c <----*
eax=77c7b0f5 ebx=00b9a218 ecx=00000000 edx=00000000 esi=00c1fee0 edi=00000000
eip=7c8285ec esp=0096fe1c ebp=0096ff84 iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0096ff84 77c88792 0096ffac 77c8872d 00c1fee0 ntdll!KiFastSystemCallRet
0096ff8c 77c8872d 00c1fee0 00000000 00000000 RPCRT4!I_RpcFree+0xbd0
0096ffac 77c7b110 00082b18 0096ffec 77e64829 RPCRT4!I_RpcFree+0xb6b
0096ffb8 77e64829 00b9a218 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba
0096ffec 00000000 77c7b0f5 00b9a218 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
000000000096fe1c 3b 78 82 7c ac 85 c8 77 - 70 06 00 00 74 ff 96 00 ;x.|...wp...t...
000000000096fe2c 00 00 00 00 50 01 c2 00 - 00 00 00 00 ff 07 00 00 ....P...........
000000000096fe3c 4c 50 0d 00 20 87 bf 82 - 00 00 00 00 4c 50 0d 00 LP.. .......LP..
000000000096fe4c 50 3b 15 f6 3d 1a a8 80 - cc ed 8a 80 20 71 73 f7 P;..=....... qs.
000000000096fe5c 00 00 00 00 46 02 00 00 - 5c 3b 15 f6 73 1a a8 80 ....F...\;..s...
000000000096fe6c fc 07 30 c0 04 00 00 00 - 02 00 00 00 7d 7d 83 80 ..0.........}}..
000000000096fe7c 04 00 00 00 fc 07 30 c0 - 58 ff 1f c0 00 00 00 00 ......0.X.......
000000000096fe8c 56 04 a8 80 58 ff 1f c0 - 00 00 00 00 00 98 8b 80 V...X...........
000000000096fe9c 94 3b 15 f6 56 04 a8 80 - 00 00 00 00 00 98 8b 80 .;..V...........
000000000096feac 60 3c 15 f6 6d e5 a7 80 - 88 e1 84 80 f8 db 20 8a `<..m......... .
000000000096febc 48 e3 59 8a 70 e5 59 8a - 00 00 00 00 00 00 00 00 H.Y.p.Y.........
000000000096fecc ae 01 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 ................
000000000096fedc e0 3b 15 f6 d9 03 a8 80 - 02 00 00 00 00 00 00 00 .;..............
000000000096feec f4 03 a8 80 00 00 00 00 - 02 00 00 00 f0 3b 15 f6 .............;..
000000000096fefc 56 04 a8 80 00 00 00 00 - 00 00 00 00 1c 3c 15 f6 V............<..
000000000096ff0c c7 d5 83 80 c0 7c 48 8a - 68 7d 48 8a 01 00 00 00 .....|H.h}H.....
000000000096ff1c c0 7c 48 8a 03 00 00 00 - ff ff ff ff 01 00 00 00 .|H.............
000000000096ff2c 7c fa 72 f7 84 ff 96 00 - a6 84 c8 77 4c ff 96 00 |.r........wL...
000000000096ff3c b6 84 c8 77 ab a3 81 7c - c8 ff c1 00 18 a2 b9 00 ...w...|........
000000000096ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[.....
*----> State Dump for Thread Id 0x2a0 <----*
eax=00b607a8 ebx=0014a680 ecx=01d95ac9 edx=01df37cf esi=76be2978 edi=00000000
eip=7c8285ec esp=009eff58 ebp=009effb8 iopl=0         nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000202
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
009effb8 77e64829 00c20258 00000000 00000000 ntdll!KiFastSystemCallRet
009effec 00000000 76bec805 0014a680 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
00000000009eff58 fb 7c 82 7c 80 ca be 76 - 40 00 00 00 c0 d8 b9 00 .|.|...v@.......
00000000009eff68 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000009eff78 00 00 00 00 80 a6 14 00 - 00 00 00 00 01 00 00 00 ................
00000000009eff88 02 00 00 00 04 00 00 00 - 08 00 00 00 10 00 00 00 ................
00000000009eff98 01 00 00 00 01 00 00 00 - c4 cc f3 f5 5e 00 85 80 ............^...
00000000009effa8 00 00 00 00 88 cc b9 00 - f0 cd b9 00 1c 00 00 00 ................
00000000009effb8 ec ff 9e 00 29 48 e6 77 - 58 02 c2 00 00 00 00 00 ....)H.wX.......
00000000009effc8 00 00 00 00 80 a6 14 00 - 00 00 00 00 c4 ff 9e 00 ................
00000000009effd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w
00000000009effe8 00 00 00 00 00 00 00 00 - 00 00 00 00 05 c8 be 76 ...............v
00000000009efff8 80 a6 14 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000009f0008 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000009f0018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000009f0028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000009f0038 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000009f0048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000009f0058 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000009f0068 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000009f0078 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000009f0088 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
*----> State Dump for Thread Id 0x2a4 <----*
eax=76bec805 ebx=0014a68c ecx=00000000 edx=00000000 esi=76be2978 edi=00c20cb0
eip=7c8285ec esp=00a2ff58 ebp=00a2ffb8 iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
00a2ffb8 77e64829 00c208a0 00000000 00000000 ntdll!KiFastSystemCallRet
00a2ffec 00000000 76bec805 0014a68c 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
0000000000a2ff58 fb 7c 82 7c 80 ca be 76 - 40 00 00 00 c8 d9 b9 00 .|.|...v@.......
0000000000a2ff68 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000a2ff78 00 00 00 00 8c a6 14 00 - 00 00 00 00 01 00 00 00 ................
0000000000a2ff88 02 00 00 00 04 00 00 00 - 08 00 00 00 10 00 00 00 ................
0000000000a2ff98 01 00 00 00 01 00 00 00 - c4 8c f3 f5 5e 00 85 80 ............^...
0000000000a2ffa8 00 00 00 00 70 d2 b9 00 - 00 02 00 00 ab 77 82 7c ....p........w.|
0000000000a2ffb8 ec ff a2 00 29 48 e6 77 - a0 08 c2 00 00 00 00 00 ....)H.w........
0000000000a2ffc8 00 00 00 00 8c a6 14 00 - 00 00 00 00 c4 ff a2 00 ................
0000000000a2ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w
0000000000a2ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 05 c8 be 76 ...............v
0000000000a2fff8 8c a6 14 00 00 00 00 00 - 50 50 50 50 50 50 50 50 ........PPPPPPPP
0000000000a30008 50 50 50 50 50 50 50 50 - 50 50 50 4b 50 50 50 50 PPPPPPPPPPPKPPPP
0000000000a30018 50 50 50 50 50 50 50 50 - 50 50 50 50 50 50 50 50 PPPPPPPPPPPPPPPP
0000000000a30028 50 50 50 50 50 50 50 50 - 50 50 50 50 50 50 50 50 PPPPPPPPPPPPPPPP
0000000000a30038 4b 50 50 50 50 50 50 50 - 50 50 50 50 50 50 50 50 KPPPPPPPPPPPPPPP
0000000000a30048 50 50 50 50 50 50 50 50 - 50 50 50 50 50 50 50 50 PPPPPPPPPPPPPPPP
0000000000a30058 50 50 50 50 50 50 50 50 - 50 50 50 50 50 50 50 50 PPPPPPPPPPPPPPPP
0000000000a30068 50 50 50 50 50 50 50 50 - 4f 4e 4f 4e 4e 4e 37 37 PPPPPPPPONONNN77
0000000000a30078 36 37 36 36 37 55 55 54 - 54 54 54 2b 54 82 2b 82 67667UUTTTT+T.+.
0000000000a30088 63 2b 3e 63 63 63 63 63 - 63 63 62 62 62 62 64 3d c+>cccccccbbbbd=
*----> State Dump for Thread Id 0x2a8 <----*
eax=00b60000 ebx=0014a698 ecx=00c9fd1c edx=00001000 esi=76be2978 edi=00c212f8
eip=7c8285ec esp=00c9ff58 ebp=00c9ffb8 iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
00c9ffb8 77e64829 00c20ee8 00000000 00000000 ntdll!KiFastSystemCallRet
00c9ffec 00000000 76bec805 0014a698 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
0000000000c9ff58 fb 7c 82 7c 80 ca be 76 - 05 00 00 00 40 7d 08 00 .|.|...v....@}..
0000000000c9ff68 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000c9ff78 00 00 00 00 98 a6 14 00 - 00 00 00 00 01 00 00 00 ................
0000000000c9ff88 02 00 00 00 04 00 00 00 - 08 00 00 00 10 00 00 00 ................
0000000000c9ff98 01 00 00 00 01 00 00 00 - c4 4c f3 f5 5e 00 85 80 .........L..^...
0000000000c9ffa8 00 00 00 00 58 d8 b9 00 - 00 02 00 00 ab 77 82 7c ....X........w.|
0000000000c9ffb8 ec ff c9 00 29 48 e6 77 - e8 0e c2 00 00 00 00 00 ....)H.w........
0000000000c9ffc8 00 00 00 00 98 a6 14 00 - 00 00 00 00 c4 ff c9 00 ................
0000000000c9ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w
0000000000c9ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 05 c8 be 76 ...............v
0000000000c9fff8 98 a6 14 00 00 00 00 00 - 44 44 44 44 44 44 44 44 ........DDDDDDDD
0000000000ca0008 44 44 44 44 44 44 44 44 - 44 44 44 44 44 44 44 44 DDDDDDDDDDDDDDDD
0000000000ca0018 44 44 44 44 44 44 44 44 - 44 44 44 44 44 44 44 44 DDDDDDDDDDDDDDDD
0000000000ca0028 44 44 44 44 44 44 44 44 - 44 44 44 44 44 44 44 44 DDDDDDDDDDDDDDDD
0000000000ca0038 44 44 44 44 44 44 44 44 - 44 44 44 44 44 44 44 44 DDDDDDDDDDDDDDDD
0000000000ca0048 44 44 44 44 44 44 44 44 - 44 44 44 44 44 96 44 24 DDDDDDDDDDDDD.D$
0000000000ca0058 31 44 43 24 43 43 43 2d - 2d 2d 2d 6c 2d 2d 32 71 1DC$CCC----l--2q
0000000000ca0068 32 32 2f 32 32 2f 36 73 - 26 26 26 35 26 34 35 34 22/22/6s&&&5&454
0000000000ca0078 25 34 34 75 75 75 30 75 - 74 38 38 74 37 37 37 37 %44uuu0ut88t7777
0000000000ca0088 47 47 4a 77 76 4a 76 76 - 76 39 39 39 39 39 39 79 GGJwvJvvv999999y
*----> State Dump for Thread Id 0x2d0 <----*
eax=00000001 ebx=00c241c8 ecx=0007a710 edx=0007a70c esi=00082f80 edi=00000000
eip=7c8285ec esp=00d3fe1c ebp=00d3ff84 iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
00d3ff84 77c88792 00d3ffac 77c8872d 00082f80 ntdll!KiFastSystemCallRet
00d3ff8c 77c8872d 00082f80 00000000 00000000 RPCRT4!I_RpcFree+0xbd0
00d3ffac 77c7b110 00082b18 00d3ffec 77e64829 RPCRT4!I_RpcFree+0xb6b
00d3ffb8 77e64829 00085bd8 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba
00d3ffec 00000000 77c7b0f5 00085bd8 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
0000000000d3fe1c 3b 78 82 7c ac 85 c8 77 - 90 01 00 00 74 ff d3 00 ;x.|...w....t...
0000000000d3fe2c 38 fe d3 00 c8 41 c2 00 - 54 ff d3 00 44 00 5c 00 8....A..T...D.\.
0000000000d3fe3c 00 00 00 00 60 03 00 00 - a4 03 00 00 8a 55 00 00 ....`........U..
0000000000d3fe4c 00 00 00 00 02 cb e7 f5 - 01 00 93 80 78 59 21 8a ............xY!.
0000000000d3fe5c 90 59 21 8a 70 9e b8 8a - 7e 01 00 00 e4 32 50 c0 .Y!.p...~....2P.
0000000000d3fe6c 0d 02 00 00 00 00 00 00 - dd 04 00 00 00 00 00 00 ................
0000000000d3fe7c 00 00 00 00 00 00 00 00 - 00 00 00 00 07 00 00 00 ................
0000000000d3fe8c 00 50 70 c0 78 59 21 8a - 98 26 50 c0 c8 de 75 e1 .Pp.xY!..&P...u.
0000000000d3fe9c 4c 03 00 00 00 00 00 00 - 10 1b 6c 8a b4 cb e7 f5 L.........l.....
0000000000d3feac a7 82 81 80 c4 cb e7 f5 - 04 00 00 00 00 00 00 00 ................
0000000000d3febc 10 1b 6c 8a 14 d1 5b 8a - 07 0d 00 00 00 00 00 00 ..l...[.........
0000000000d3fecc ae 01 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 ................
0000000000d3fedc e0 cb e7 f5 d9 03 a8 80 - 02 00 00 00 00 00 00 00 ................
0000000000d3feec f4 03 a8 80 00 00 00 00 - 02 00 00 00 f0 cb e7 f5 ................
0000000000d3fefc 56 04 a8 80 00 00 00 00 - 00 00 00 00 1c cc e7 f5 V...............
0000000000d3ff0c c7 d5 83 80 f0 63 24 8a - 98 64 24 8a 00 00 00 00 .....c$..d$.....
0000000000d3ff1c f0 63 24 8a 03 00 00 00 - ff ff ff ff 00 00 00 00 .c$.............
0000000000d3ff2c 7c fa df ff 84 ff d3 00 - a6 84 c8 77 4c ff d3 00 |..........wL...
0000000000d3ff3c b6 84 c8 77 ab a3 81 7c - 70 26 c2 00 d8 5b 08 00 ...w...|p&...[..
0000000000d3ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[.....
*----> State Dump for Thread Id 0x404 <----*
eax=00c2d7b0 ebx=00e0ff10 ecx=00000017 edx=00000062 esi=00e0ff18 edi=7ffd8000
eip=7c8285ec esp=00e0fec4 ebp=00e0ff6c iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USERENV.dll -
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
00e0ff6c 77e62fbe 00000003 769cd34c 00000000 ntdll!KiFastSystemCallRet
00e0ff88 76929e35 00000003 769cd34c 00000000 kernel32!WaitForMultipleObjects+0x18
00e0ffb8 77e64829 00000000 00000000 00000000 USERENV!ExpandEnvironmentStringsForUserW+0x6f2
00e0ffec 00000000 76929dd9 00000000 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
0000000000e0fec4 fb 7c 82 7c 2c 20 e6 77 - 03 00 00 00 10 ff e0 00 .|.|, .w........
0000000000e0fed4 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000e0fee4 f8 d3 9c 76 6f 3e e6 77 - 24 00 00 00 01 00 00 00 ...vo>.w$.......
0000000000e0fef4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000e0ff04 00 00 00 00 00 00 00 00 - 00 00 00 00 30 07 00 00 ............0...
0000000000e0ff14 34 07 00 00 f4 07 00 00 - 59 9f 82 7c 20 1c e4 77 4.......Y..| ..w
0000000000e0ff24 00 00 07 00 00 00 00 00 - 30 1c e4 77 00 00 00 00 ........0..w....
0000000000e0ff34 00 00 00 00 00 80 fd 7f - 2c 01 2e 01 00 00 00 00 ........,.......
0000000000e0ff44 10 ff e0 00 00 00 00 00 - 00 00 00 00 03 00 00 00 ................
0000000000e0ff54 e0 fe e0 00 00 00 00 00 - dc ff e0 00 60 1a e6 77 ............`..w
0000000000e0ff64 f8 1f e6 77 00 00 00 00 - 88 ff e0 00 be 2f e6 77 ...w........./.w
0000000000e0ff74 03 00 00 00 4c d3 9c 76 - 00 00 00 00 ff ff ff ff ....L..v........
0000000000e0ff84 00 00 00 00 b8 ff e0 00 - 35 9e 92 76 03 00 00 00 ........5..v....
0000000000e0ff94 4c d3 9c 76 00 00 00 00 - ff ff ff ff 00 00 00 00 L..v............
0000000000e0ffa4 00 00 00 00 00 00 00 00 - 00 00 92 76 03 00 00 00 ...........v....
0000000000e0ffb4 00 00 00 00 ec ff e0 00 - 29 48 e6 77 00 00 00 00 ........)H.w....
0000000000e0ffc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000e0ffd4 c4 ff e0 00 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ....].......`..w
0000000000e0ffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............
0000000000e0fff4 d9 9d 92 76 00 00 00 00 - 00 00 00 00 00 00 00 00 ...v............
*----> State Dump for Thread Id 0xccc <----*
eax=77c7b0f5 ebx=00000100 ecx=00000000 edx=00000000 esi=00c30258 edi=00000000
eip=7c8285ec esp=00edfe1c ebp=00edff84 iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
00edff84 77c88792 00edffac 77c8872d 00c30258 ntdll!KiFastSystemCallRet
00edff8c 77c8872d 00c30258 00000000 00000000 RPCRT4!I_RpcFree+0xbd0
00edffac 77c7b110 00082b18 00edffec 77e64829 RPCRT4!I_RpcFree+0xb6b
00edffb8 77e64829 00c2c550 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba
00edffec 00000000 77c7b0f5 00c2c550 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
0000000000edfe1c 3b 78 82 7c ac 85 c8 77 - cc 07 00 00 74 ff ed 00 ;x.|...w....t...
0000000000edfe2c 00 00 00 00 68 1b c3 00 - 54 ff ed 00 f3 63 0e f6 ....h...T....c..
0000000000edfe3c 30 d6 41 8a 04 1c 2e f5 - 2d 00 00 00 5e 61 0e f6 0.A.....-...^a..
0000000000edfe4c 30 40 13 8a 90 bf 1c 8a - 50 50 0e f6 00 d6 41 8a 0@......PP....A.
0000000000edfe5c 18 d6 41 8a 70 9e b8 8a - c8 0a 00 00 00 00 00 00 ..A.p...........
0000000000edfe6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000edfe7c 98 e4 69 8a 94 1b 2e f5 - e0 90 92 80 50 8d 03 e1 ..i.........P...
0000000000edfe8c 11 00 00 00 00 d6 41 8a - 03 00 1f 00 50 8d 03 e1 ......A.....P...
0000000000edfe9c ec 01 00 00 00 00 00 00 - d8 83 14 e1 38 1d 2e f5 ............8...
0000000000edfeac b0 1b 2e f5 92 91 92 80 - 50 8d 03 e1 03 00 1f 00 ........P.......
0000000000edfebc 00 d6 41 8a 70 9e b8 8a - 00 00 00 00 00 00 00 00 ..A.p...........
0000000000edfecc ae 01 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 ................
0000000000edfedc e0 1b 2e f5 d9 03 a8 80 - 02 00 00 00 00 00 00 00 ................
0000000000edfeec f4 03 a8 80 00 00 00 00 - 02 00 00 00 f0 1b 2e f5 ................
0000000000edfefc 56 04 a8 80 00 00 00 00 - 00 00 00 00 1c 1c 2e f5 V...............
0000000000edff0c c7 d5 83 80 e8 a1 6c 89 - 90 a2 6c 89 02 00 00 00 ......l...l.....
0000000000edff1c e8 a1 6c 89 03 00 00 00 - ff ff ff ff 02 00 00 00 ..l.............
0000000000edff2c 7c 7a 73 f7 84 ff ed 00 - a6 84 c8 77 4c ff ed 00 |zs........wL...
0000000000edff3c b6 84 c8 77 ab a3 81 7c - d0 d1 c3 00 50 c5 c2 00 ...w...|....P...
0000000000edff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[.....
*----> State Dump for Thread Id 0xd9c <----*
eax=77c7b0f5 ebx=00c30d80 ecx=00000000 edx=00000000 esi=000832a8 edi=00000000
eip=7c8285ec esp=010cfe1c ebp=010cff84 iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
010cff84 77c88792 010cffac 77c8872d 000832a8 ntdll!KiFastSystemCallRet
010cff8c 77c8872d 000832a8 00000000 00000000 RPCRT4!I_RpcFree+0xbd0
010cffac 77c7b110 00082b18 010cffec 77e64829 RPCRT4!I_RpcFree+0xb6b
010cffb8 77e64829 00c30d80 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba
010cffec 00000000 77c7b0f5 00c30d80 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
00000000010cfe1c 3b 78 82 7c ac 85 c8 77 - 70 01 00 00 74 ff 0c 01 ;x.|...wp...t...
00000000010cfe2c 00 00 00 00 28 0e c3 00 - 4c ff 0c 01 ff 07 00 00 ....(...L.......
00000000010cfe3c cc 21 0c 00 20 2b a3 82 - 00 00 00 00 cc 21 0c 00 .!.. +.......!..
00000000010cfe4c 50 fb 54 f5 3d 1a a8 80 - c8 ed 8a 80 20 f1 72 f7 P.T.=....... .r.
00000000010cfe5c 00 00 00 00 46 02 00 00 - 5c fb 54 f5 73 1a a8 80 ....F...\.T.s...
00000000010cfe6c fc 07 30 c0 02 00 00 00 - 02 00 00 00 7d 7d 83 80 ..0.........}}..
00000000010cfe7c 02 00 00 00 fc 07 30 c0 - 58 ff 1f c0 00 00 00 00 ......0.X.......
00000000010cfe8c 56 04 a8 80 58 ff 1f c0 - 00 00 00 00 00 98 8b 80 V...X...........
00000000010cfe9c 94 fb 54 f5 56 04 a8 80 - 00 00 00 00 00 98 8b 80 ..T.V...........
00000000010cfeac 60 fc 54 f5 6d e5 a7 80 - 88 e1 84 80 30 92 5b 8a `.T.m.......0.[.
00000000010cfebc 08 7d 2b 8a 30 7f 2b 8a - 00 00 00 00 00 00 00 00 .}+.0.+.........
00000000010cfecc ae 01 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 ................
00000000010cfedc e0 fb 54 f5 d9 03 a8 80 - 02 00 00 00 00 00 00 00 ..T.............
00000000010cfeec f4 03 a8 80 00 00 00 00 - 02 00 00 00 f0 fb 54 f5 ..............T.
00000000010cfefc 56 04 a8 80 00 00 00 00 - 00 00 00 00 1c fc 54 f5 V.............T.
00000000010cff0c c7 d5 83 80 00 bd 6f 89 - a8 bd 6f 89 01 00 00 00 ......o...o.....
00000000010cff1c 00 bd 6f 89 03 00 00 00 - ff ff ff ff 01 00 00 00 ..o.............
00000000010cff2c 7c fa 72 f7 84 ff 0c 01 - a6 84 c8 77 4c ff 0c 01 |.r........wL...
00000000010cff3c b6 84 c8 77 ab a3 81 7c - 58 0d c3 00 80 0d c3 00 ...w...|X.......
00000000010cff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[.....
*----> State Dump for Thread Id 0xdc8 <----*
eax=0118fcec ebx=00000000 ecx=00000000 edx=00c404b0 esi=00082f80 edi=00000000
eip=7c8285ec esp=0118fe1c ebp=0118ff84 iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0118ff84 77c88792 0118ffac 77c8872d 00082f80 ntdll!KiFastSystemCallRet
0118ff8c 77c8872d 00082f80 00000000 00000000 RPCRT4!I_RpcFree+0xbd0
0118ffac 77c7b110 00082b18 0118ffec 77e64829 RPCRT4!I_RpcFree+0xb6b
0118ffb8 77e64829 0014b790 00000000 00000000 RPCRT4!NdrFullPointerInsertRefId+0x3ba
0118ffec 00000000 77c7b0f5 0014b790 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
000000000118fe1c 3b 78 82 7c ac 85 c8 77 - 90 01 00 00 74 ff 18 01 ;x.|...w....t...
000000000118fe2c 00 00 00 00 38 0f c3 00 - 54 ff 18 01 44 00 5c 00 ....8...T...D.\.
000000000118fe3c 00 00 00 00 60 03 00 00 - 64 03 00 00 d2 47 00 00 ....`...d....G..
000000000118fe4c 00 00 00 00 02 90 5d 8a - 01 00 0e f6 a0 80 42 8a ......].......B.
000000000118fe5c b8 80 42 8a 70 9e b8 8a - 13 0b 00 00 5e 61 0e f6 ..B.p.......^a..
000000000118fe6c 30 40 13 8a 5c 0c 00 00 - 00 00 00 00 00 00 00 00 0@..\...........
000000000118fe7c b0 6d 25 8a 94 7b 98 f5 - e0 90 92 80 50 8d 03 e1 .m%..{......P...
000000000118fe8c 11 00 00 00 a0 80 42 8a - 03 00 1f 00 50 8d 03 e1 ......B.....P...
000000000118fe9c 08 04 00 00 00 00 00 00 - 10 88 14 e1 38 7d 98 f5 ............8}..
000000000118feac b0 7b 98 f5 92 91 92 80 - 50 8d 03 e1 03 00 1f 00 .{......P.......
000000000118febc a0 80 42 8a 70 9e b8 8a - 00 00 00 00 00 00 00 00 ..B.p...........
000000000118fecc ae 01 a8 80 00 00 00 00 - 00 00 00 00 02 02 00 00 ................
000000000118fedc e0 7b 98 f5 d9 03 a8 80 - 02 00 00 00 00 00 00 00 .{..............
000000000118feec f4 03 a8 80 00 00 00 00 - 02 00 00 00 f0 7b 98 f5 .............{..
000000000118fefc 56 04 a8 80 00 00 00 00 - 00 00 00 00 1c 7c 98 f5 V............|..
000000000118ff0c c7 d5 83 80 80 f5 52 8a - 28 f6 52 8a 00 00 00 00 ......R.(.R.....
000000000118ff1c 80 f5 52 8a 03 00 00 00 - ff ff ff ff 00 00 00 00 ..R.............
000000000118ff2c 7c fa df ff 84 ff 18 01 - a6 84 c8 77 4c ff 18 01 |..........wL...
000000000118ff3c b6 84 c8 77 ab a3 81 7c - 00 ae 08 00 90 b7 14 00 ...w...|........
000000000118ff4c 00 a2 2f 4d ff ff ff ff - 00 17 5b ca ff ff ff ff ../M......[.....
*----> State Dump for Thread Id 0xd4 <----*
eax=771f1786 ebx=00000000 ecx=00002150 edx=00c2be40 esi=7c889638 edi=7c889080
eip=7c8285ec esp=0134ff74 ebp=0134ffb8 iopl=0         nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000286
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0134ffb8 77e64829 00000000 00000000 00000000 ntdll!KiFastSystemCallRet
0134ffec 00000000 7c839efb 00000000 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
000000000134ff74 db 77 82 7c 38 9f 83 7c - b0 01 00 00 b0 ff 34 01 .w.|8..|......4.
000000000134ff84 b4 ff 34 01 9c ff 34 01 - a4 ff 34 01 00 00 00 00 ..4...4...4.....
000000000134ff94 00 00 00 00 00 00 00 00 - 00 00 00 00 28 d7 c2 00 ............(...
000000000134ffa4 00 7c 28 e8 ff ff ff ff - 00 00 00 00 ca a9 83 7c .|(............|
000000000134ffb4 b0 8a 07 00 ec ff 34 01 - 29 48 e6 77 00 00 00 00 ......4.)H.w....
000000000134ffc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000134ffd4 c4 ff 34 01 5d 06 85 80 - ff ff ff ff 60 1a e6 77 ..4.].......`..w
000000000134ffe4 30 48 e6 77 00 00 00 00 - 00 00 00 00 00 00 00 00 0H.w............
000000000134fff4 fb 9e 83 7c 00 00 00 00 - 00 00 00 00 4d 5a 90 00 ...|........MZ..
0000000001350004 03 00 00 00 04 00 00 00 - ff ff 00 00 b8 00 00 00 ................
0000000001350014 00 00 00 00 40 00 00 00 - 00 00 00 00 00 00 00 00 ....@...........
0000000001350024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000001350034 00 00 00 00 00 00 00 00 - c0 00 00 00 0e 1f ba 0e ................
0000000001350044 00 b4 09 cd 21 b8 01 4c - cd 21 54 68 69 73 20 70 ....!..L.!This p
0000000001350054 72 6f 67 72 61 6d 20 63 - 61 6e 6e 6f 74 20 62 65 rogram cannot be
0000000001350064 20 72 75 6e 20 69 6e 20 - 44 4f 53 20 6d 6f 64 65   run in DOS mode
0000000001350074 2e 0d 0d 0a 24 00 00 00 - 00 00 00 00 69 12 d1 da ....$.......i...
0000000001350084 2d 73 bf 89 2d 73 bf 89 - 2d 73 bf 89 ee 7c e1 89 -s..-s..-s...|..
0000000001350094 2c 73 bf 89 ee 7c e5 89 - 2c 73 bf 89 52 69 63 68 ,s...|..,s..Rich
00000000013500a4 2d 73 bf 89 00 00 00 00 - 00 00 00 00 00 00 00 00 -s..............
*----> State Dump for Thread Id 0x128 <----*
eax=00000000 ebx=00007530 ecx=0128ff0c edx=7c8285ec esi=000008cc edi=00000000
eip=7c8285ec esp=0128ff18 ebp=0128ff88 iopl=0         nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000297
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0128ff88 776bbadf 000008cc 00007530 00000000 ntdll!KiFastSystemCallRet
0128ffac 776b1704 00000000 0128ffec 77e64829 ole32!CoFreeUnusedLibrariesEx+0x190
0128ffb8 77e64829 00c421f8 00000000 00000000 ole32!CoRegisterChannelHook+0x538
0128ffec 00000000 776b16e4 00c421f8 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
000000000128ff18 0b 7d 82 7c 1e 1d e6 77 - cc 08 00 00 00 00 00 00 .}.|...w........
000000000128ff28 5c ff 28 01 96 1c e6 77 - f8 21 c4 00 30 75 00 00 \.(....w.!..0u..
000000000128ff38 24 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 $...............
000000000128ff48 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000128ff58 00 00 00 00 00 5d 1e ee - ff ff ff ff 00 80 fd 7f .....]..........
000000000128ff68 5c ff 28 01 dc 65 79 77 - 2c ff 28 01 30 75 00 00 \.(..eyw,.(.0u..
000000000128ff78 dc ff 28 01 60 1a e6 77 - 48 1d e6 77 00 00 00 00 ..(.`..wH..w....
000000000128ff88 ac ff 28 01 df ba 6b 77 - cc 08 00 00 30 75 00 00 ..(...kw....0u..
000000000128ff98 00 00 00 00 00 00 00 00 - f8 21 c4 00 00 00 67 77 .........!....gw
000000000128ffa8 f8 21 c4 00 b8 ff 28 01 - 04 17 6b 77 00 00 00 00 .!....(...kw....
000000000128ffb8 ec ff 28 01 29 48 e6 77 - f8 21 c4 00 00 00 00 00 ..(.)H.w.!......
000000000128ffc8 00 00 00 00 f8 21 c4 00 - 00 00 00 00 c4 ff 28 01 .....!........(.
000000000128ffd8 5d 06 85 80 ff ff ff ff - 60 1a e6 77 30 48 e6 77 ].......`..w0H.w
000000000128ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 e4 16 6b 77 ..............kw
000000000128fff8 f8 21 c4 00 00 00 00 00 - 41 00 4c 00 4c 00 55 00 .!......A.L.L.U.
0000000001290008 53 00 45 00 52 00 53 00 - 50 00 52 00 4f 00 46 00 S.E.R.S.P.R.O.F.
0000000001290018 49 00 4c 00 45 00 3d 00 - 43 00 3a 00 5c 00 44 00 I.L.E.=.C.:.\.D.
0000000001290028 6f 00 63 00 75 00 6d 00 - 65 00 6e 00 74 00 73 00 o.c.u.m.e.n.t.s.
0000000001290038 20 00 61 00 6e 00 64 00 - 20 00 53 00 65 00 74 00   .a.n.d. .S.e.t.
0000000001290048 74 00 69 00 6e 00 67 00 - 73 00 5c 00 41 00 6c 00 t.i.n.g.s.\.A.l.
*----> State Dump for Thread Id 0xd44 <----*
eax=75841e36 ebx=0085feb0 ecx=00000000 edx=00000000 esi=0085feb4 edi=7ffd8000
eip=7c8285ec esp=0085fe64 ebp=0085ff0c iopl=0         nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00000246
function: ntdll!KiFastSystemCallRet
        7c8285ce e82c000000       call    ntdll!RtlRaiseException (7c8285ff)
        7c8285d3 8b0424           mov     eax,[esp]
        7c8285d6 8be5             mov     esp,ebp
        7c8285d8 5d               pop     ebp
        7c8285d9 c3               ret
        7c8285da 8da42400000000   lea     esp,[esp]
        7c8285e1 8da42400000000   lea     esp,[esp]
        ntdll!KiFastSystemCall:
        7c8285e8 8bd4             mov     edx,esp
        7c8285ea 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c8285ec c3               ret
        7c8285ed 8da42400000000   lea     esp,[esp]
        7c8285f4 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c8285f8 8d542408         lea     edx,[esp+0x8]
        7c8285fc cd2e             int     2e
        7c8285fe c3               ret
        ntdll!RtlRaiseException:
        7c8285ff 55               push    ebp
        7c828600 8bec             mov     ebp,esp
        7c828602 8da42430fdffff   lea     esp,[esp-0x2d0]
*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\MSGINA.dll -
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0085ff0c 7739bbd1 00000002 0085ff34 00000000 ntdll!KiFastSystemCallRet
0085ff68 75841ebd 00000001 0085ffac ffffffff USER32!MsgWaitForMultipleObjectsEx+0xd7
0085ffb8 77e64829 001420a0 00000000 00000000 MSGINA!WlxDisplayStatusMessage+0x3fa
0085ffec 00000000 75841e36 001420a0 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
000000000085fe64 fb 7c 82 7c 2c 20 e6 77 - 02 00 00 00 b0 fe 85 00 .|.|, .w........
000000000085fe74 01 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00 00 ................
000000000085fe84 04 00 00 00 00 00 00 00 - 24 00 00 00 01 00 00 00 ........$.......
000000000085fe94 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000085fea4 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 07 00 00 ................
000000000085feb4 48 01 00 00 00 00 00 00 - 00 00 00 00 7c fe 85 00 H...........|...
000000000085fec4 40 ff 85 00 30 ff 85 00 - 18 af 3a 77 90 b8 39 77 @...0.....:w..9w
000000000085fed4 ff ff ff ff 00 80 fd 7f - 92 ba 39 77 00 00 00 00 ..........9w....
000000000085fee4 b0 fe 85 00 20 00 07 00 - 13 01 00 00 02 00 00 00 .... ...........
000000000085fef4 80 fe 85 00 b4 07 00 00 - dc ff 85 00 60 1a e6 77 ............`..w
000000000085ff04 f8 1f e6 77 00 00 00 00 - 68 ff 85 00 d1 bb 39 77 ...w....h.....9w
000000000085ff14 02 00 00 00 34 ff 85 00 - 00 00 00 00 ff ff ff ff ....4...........
000000000085ff24 00 00 00 00 fa ba 39 77 - ff 05 00 00 a0 20 14 00 ......9w..... ..
000000000085ff34 b4 07 00 00 48 01 00 00 - 00 80 fd 7f 34 ff 85 00 ....H.......4...
000000000085ff44 02 01 00 00 04 ff 85 00 - 00 00 00 00 dc ff 85 00 ................
000000000085ff54 60 1a e6 77 00 00 00 00 - 00 00 00 00 48 01 00 00 `..w........H...
000000000085ff64 34 ff 85 00 b8 ff 85 00 - bd 1e 84 75 01 00 00 00 4..........u....
000000000085ff74 ac ff 85 00 ff ff ff ff - ff 05 00 00 04 00 00 00 ................
000000000085ff84 00 00 00 00 00 00 00 00 - a0 20 14 00 20 00 07 00 ......... .. ...
000000000085ff94 13 01 00 00 00 00 00 00 - 00 00 00 00 e8 01 09 00 ................
*----> State Dump for Thread Id 0xba0 <----*
eax=564d5868 ebx=c9435052 ecx=0000001e edx=00005658 esi=00e4fd0c edi=10001c65
eip=1000597b esp=00e4fc94 ebp=00e4fca4 iopl=0         nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000             efl=00010282
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\VMUpgradeAtShutdownWXP.dll -
function: VMUpgradeAtShutdownWXP!OnShutDownNotification
        10005964 56               push    esi
        10005965 57               push    edi
        10005966 8b4508           mov     eax,[ebp+0x8]
        10005969 50               push    eax
        1000596a 8b7814           mov     edi,[eax+0x14]
        1000596d 8b7010           mov     esi,[eax+0x10]
        10005970 8b500c           mov     edx,[eax+0xc]
        10005973 8b4808           mov     ecx,[eax+0x8]
        10005976 8b5804           mov     ebx,[eax+0x4]
        10005979 8b00             mov     eax,[eax]
FAULT ->1000597b ed               in      eax,dx
        1000597c 870424           xchg    [esp],eax
        1000597f 897814           mov     [eax+0x14],edi
        10005982 897010           mov     [eax+0x10],esi
        10005985 89500c           mov     [eax+0xc],edx
        10005988 894808           mov     [eax+0x8],ecx
        1000598b 895804           mov     [eax+0x4],ebx
        1000598e 8f00             pop     [eax]
        10005990 5f               pop     edi
        10005991 5e               pop     esi
        10005992 5b               pop     ebx
*----> Stack Back Trace <----*
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
00e4fca4 10005918 00e4fcc8 00e4fce4 10001ecf VMUpgradeAtShutdownWXP!OnShutDownNotification+0x3fab00e4fcb0 10001ecf 00e4fcc8 00d83f78 00d83fc0 VMUpgradeAtShutdownWXP!OnShutDownNotification+0x3f4800e4fce4 10001c99 49435052 00c31a28 00d83f78 VMUpgradeAtShutdownWXP!OnShutDownNotification+0x4ff00e4fd0c 10001e73 00d83f78 00000021 00e4ff5c VMUpgradeAtShutdownWXP!OnShutDownNotification+0x2c900e4fd34 10001a7a 00e4ff5c 00e4ff54 10006534 VMUpgradeAtShutdownWXP!OnShutDownNotification+0x4a300e4ff60 0103917b 00e4ff78 00000000 00000000 VMUpgradeAtShutdownWXP!OnShutDownNotification+0xaa00e4ffb8 77e64829 00c31a28 00000000 00000000 winlogon+0x3917b00e4ffec 00000000 010390b7 00c31a28 00000000 kernel32!GetModuleHandleA+0xdf
*----> Raw Stack Dump <----*
0000000000e4fc94 c8 fc e4 00 52 50 43 49 - 00 00 00 80 00 00 00 00 ....RPCI........
0000000000e4fca4 b0 fc e4 00 18 59 00 10 - c8 fc e4 00 e4 fc e4 00 .....Y..........
0000000000e4fcb4 cf 1e 00 10 c8 fc e4 00 - 78 3f d8 00 c0 3f d8 00 ........x?...?..
0000000000e4fcc4 6c 4b 13 78 68 58 4d 56 - 52 50 43 c9 1e 00 00 00 lK.xhXMVRPC.....
0000000000e4fcd4 58 56 00 00 0c fd e4 00 - 65 1c 00 10 d0 3f d8 00 XV......e....?..
0000000000e4fce4 0c fd e4 00 99 1c 00 10 - 52 50 43 49 28 1a c3 00 ........RPCI(...
0000000000e4fcf4 78 3f d8 00 6c 4b 13 78 - c0 3f d8 00 10 fd e4 00 x?..lK.x.?......
0000000000e4fd04 00 00 00 00 34 65 00 00 - 34 fd e4 00 73 1e 00 10 ....4e..4...s...
0000000000e4fd14 78 3f d8 00 21 00 00 00 - 5c ff e4 00 54 ff e4 00 x?..!...\...T...
0000000000e4fd24 1e c4 e9 77 e0 be 07 00 - 21 00 00 00 e0 65 00 10 ...w....!....e..
0000000000e4fd34 60 ff e4 00 7a 1a 00 10 - 5c ff e4 00 54 ff e4 00 `...z...\...T...
0000000000e4fd44 34 65 00 10 00 00 00 00 - 57 00 69 00 6e 00 6c 00 4e......W.i.n.l.
0000000000e4fd54 6f 00 67 00 6f 00 6e 00 - 00 00 00 00 00 00 00 00 o.g.o.n.........
0000000000e4fd64 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000e4fd74 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000e4fd84 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000e4fd94 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000e4fda4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000e4fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000000e4fdc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

Now lets see what happend when System initiate Restart/Shutdown. As per log Winlogon.exe stuck at "VMUpgradeAtShutdownWXP!OnShutDownNotification+0xaa".

I have asked the user, is it a Virtual Machine but he replied that its an Physical Server and he had created OS image from systmetec backup recovery of Virtual machine and then installed that one to physical server.

As this is not Virtual Machine that's why server stuck at "VMUpgradeAtShutdownWXP!OnShutDownNotification+0xaa".

Solution : Searched for vmupgrade in process explorer then deleted its registry key.

Virtualization & Automation

How to troubleshoot a "STOP 0xC000021A" error

No comments:

Post a Comment